General
-
Target
https://wetransfer.com/downloads/e8b7c889fe2949f2a2df1d6ac42ffc3a20210111122729/f07c52
-
Sample
210111-ej3fv8dh8x
Score
10/10
Malware Config
Extracted
Family
formbook
C2
http://www.deejayatl.com/khm/
Decoy
bizzglobal.com
sura-solutions.com
zhaofu7.com
electricindians.com
thedirtyreds.com
graalmilitaryofficial.com
yx-vinylglove.com
e-zenithonline.com
iric-canada.net
solrsmrtnrg.com
terdissuadablesouthe.net
farhadmagic.com
mysimplenook.com
melkavand.com
swirlinginlimbo.com
dentist-sandimas.com
88265536.com
88q18.com
kogiz.com
hasbiadam.com
Targets
-
-
Target
https://wetransfer.com/downloads/e8b7c889fe2949f2a2df1d6ac42ffc3a20210111122729/f07c52
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook Payload
-
Suspicious use of SetThreadContext
-