RRW9901200241.exe

Target

RRW9901200241.exe

Size

325KB

Sample

210113-g37dqjny3n

Score

10 ^/10

MD5

61ffb4ad4721f51413075923b2e9468d

SHA1

aa9ca98955157ca28bdbb1d8d29c3d1af2e28023

SHA256

546e873e9e746eeee9cbed391ff7463ce192091ee0ff51c076291da5d836f64f

SHA512

fe49b3771c704c8ab65cb7eb54e6a6e29abb96d0f6e2a9e1d3838d99370d2d868b51111a4ff5e04b181c1f12f42a296a56c5a1e3afb4fa05540ae632d592dbd7

Extracted

Family	formbook
C2	http://www.unitvn.com/krc/ http://www.unitvn.com/krc/
Decoy	grayfoxden.com drupadhyayashomoeopathy.com coordinatedcare-ok.com the-legend-update3.com remoteworkoffer.com r3dprojects.com banhuaihangschool.com 7852bigbucktrail.info villagepizzafloralpark.com sgtradingusa.com evolvestephanieperreault.com timelessbeautylessons.com monkeytrivia.com bsf.xyz canda.design recetasnutribullet.com olenfex.com catatan-matematika.com roeltecnologiadigital.com jutoxnatural.com euroticie.info tmxinc-chemicals.com futurehawick.com xaxzwz.com kitfal.com mickey2nd.com world10plus.com harkinstheates.com conceptpowder.com aeshahcosmetics.com netglog.net mystery-enigma.net packerssandmover.online weinsurehumans.com estrade-monschau.com poinintiteknologi.com zipdelta.com thibau4.xyz immobiliervaldoingt.com superherospirit.com c-vital33.com dydongyuan.com glamatomy.com campingpt.com wozhebank.com citestaccnt1597754710.com localcryptod.com celinemnique.com broderies-admc.com watdomenrendi03.net dehaochu.com missbeehavn.com ryangyoung.com kcspantry.com posdonanim.com directtestingservice.com toastxpress.com kingdommarketinguniversity.com quantumtoday.xyz modernhomespa.com peakeventsservices.com dellvn.net maryjoyllc.com trentog.com grayfoxden.com drupadhyayashomoeopathy.com coordinatedcare-ok.com the-legend-update3.com remoteworkoffer.com r3dprojects.com banhuaihangschool.com 7852bigbucktrail.info villagepizzafloralpark.com sgtradingusa.com evolvestephanieperreault.com timelessbeautylessons.com monkeytrivia.com bsf.xyz canda.design recetasnutribullet.com olenfex.com catatan-matematika.com roeltecnologiadigital.com jutoxnatural.com euroticie.info tmxinc-chemicals.com futurehawick.com xaxzwz.com kitfal.com mickey2nd.com world10plus.com harkinstheates.com conceptpowder.com aeshahcosmetics.com netglog.net mystery-enigma.net packerssandmover.online weinsurehumans.com estrade-monschau.com poinintiteknologi.com zipdelta.com thibau4.xyz immobiliervaldoingt.com superherospirit.com c-vital33.com dydongyuan.com glamatomy.com campingpt.com wozhebank.com citestaccnt1597754710.com localcryptod.com celinemnique.com broderies-admc.com watdomenrendi03.net dehaochu.com missbeehavn.com ryangyoung.com kcspantry.com posdonanim.com directtestingservice.com toastxpress.com kingdommarketinguniversity.com quantumtoday.xyz modernhomespa.com peakeventsservices.com dellvn.net maryjoyllc.com trentog.com

Target

RRW9901200241.exe

MD5

61ffb4ad4721f51413075923b2e9468d

Filesize

325KB

Score

10 ^/10

SHA1

aa9ca98955157ca28bdbb1d8d29c3d1af2e28023

SHA256

546e873e9e746eeee9cbed391ff7463ce192091ee0ff51c076291da5d836f64f

SHA512

fe49b3771c704c8ab65cb7eb54e6a6e29abb96d0f6e2a9e1d3838d99370d2d868b51111a4ff5e04b181c1f12f42a296a56c5a1e3afb4fa05540ae632d592dbd7

Signatures

Formbook

Description

Formbook is a data stealing malware which is capable of stealing data.

Tags

trojan spyware stealer formbook
Formbook Payload

Tags

rat
Deletes itself
Suspicious use of SetThreadContext

Related Tasks

behavioral1 behavioral2

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

static1

behavioral1

formbook rat spyware stealer trojan

10^/10

behavioral2

formbook rat spyware stealer trojan

10^/10

Extracted

Tags

Signatures

Formbook

Description

Tags

Formbook Payload

Tags

Deletes itself

Suspicious use of SetThreadContext

Related Tasks

static1

behavioral1

behavioral2