RRW9901200241.exe

General

Target: RRW9901200241.exe
Size: 325KB
Sample: 210113-g37dqjny3n
Score: 10/10
MD5: 61ffb4ad4721f51413075923b2e9468d
SHA1: aa9ca98955157ca28bdbb1d8d29c3d1af2e28023
SHA256: 546e873e9e746eeee9cbed391ff7463ce192091ee0ff51c076291da5d836f64f
SHA512: fe49b3771c704c8ab65cb7eb54e6a6e29abb96d0f6e2a9e1d3838d99370d2d868b51111a4ff5e04b181c1f12f42a296a56c5a1e3afb4fa05540ae632d592dbd7

Malware Config

Extracted

Family: formbook
C2: http://www.unitvn.com/krc/

Decoy domains:
  grayfoxden.com
  drupadhyayashomoeopathy.com
  coordinatedcare-ok.com
  the-legend-update3.com
  remoteworkoffer.com
  r3dprojects.com
  banhuaihangschool.com
  7852bigbucktrail.info
  villagepizzafloralpark.com
  sgtradingusa.com
  evolvestephanieperreault.com
  timelessbeautylessons.com
  monkeytrivia.com
  bsf.xyz
  canda.design
  recetasnutribullet.com
  olenfex.com
  catatan-matematika.com
  roeltecnologiadigital.com
  jutoxnatural.com
  euroticie.info
  tmxinc-chemicals.com
  futurehawick.com
  xaxzwz.com
  kitfal.com
  mickey2nd.com
  world10plus.com
  harkinstheates.com
  conceptpowder.com
  aeshahcosmetics.com
  netglog.net
  mystery-enigma.net
  packerssandmover.online
  weinsurehumans.com
  estrade-monschau.com
  poinintiteknologi.com
  zipdelta.com
  thibau4.xyz
  immobiliervaldoingt.com
  superherospirit.com
  c-vital33.com
  dydongyuan.com
  glamatomy.com
  campingpt.com
  wozhebank.com
  citestaccnt1597754710.com
  localcryptod.com
  celinemnique.com
  broderies-admc.com
  watdomenrendi03.net

Targets

Target: RRW9901200241.exe
MD5: 61ffb4ad4721f51413075923b2e9468d
Filesize: 325KB
Score: 10/10
SHA1: aa9ca98955157ca28bdbb1d8d29c3d1af2e28023
SHA256: 546e873e9e746eeee9cbed391ff7463ce192091ee0ff51c076291da5d836f64f
SHA512: fe49b3771c704c8ab65cb7eb54e6a6e29abb96d0f6e2a9e1d3838d99370d2d868b51111a4ff5e04b181c1f12f42a296a56c5a1e3afb4fa05540ae632d592dbd7

Signatures

  • Formbook
    Description: Formbook is a data-stealing malware family.

  • Formbook Payload

  • Deletes itself

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Columns: Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks: static1