20210113432.exe

General
Target: 20210113432.exe
Size: 1MB
Sample: 210113-cp3c3an6mj
Score: 10/10
MD5: 13dbc9c1c5a2811ecbee5f420c9c75b6
SHA1: 6b01e540d3757944b61baa187159a908e170d5ae
SHA256: ba41656ca5e0e243cff9f6a536c43998a9dbc492f5e813a0022e84359b2e0ef8
SHA512: ae1414b91ba91a29575901ac0daf55aa937454b1afcd53d7d0c9461ca2b48d65bb1f3213ad23853987a40381a2f57be359fdbf7848ff57432b5e95ffd4cbcea1

Malware Config

Extracted
Family: formbook
C2: http://www.southsideflooringcreations.com/dkk/
Decoy

Signatures

  • Formbook
    Description: Formbook is a data-stealing malware family.
  • Formbook Payload
  • Deletes itself
  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix
Tactic columns: Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks
static1