PO-29840032.exe

Target

PO-29840032.exe

Size

495KB

Sample

210223-9wdckd8wye

Score

10 ^/10

MD5

16a8bcda6b8877e2a76f56ac5707eaa8

SHA1

2f6a4a474c53183a14ef815d2f3aa9cdb6a0b545

SHA256

4116c5111907369d23e1a5f7adf2b0cd13186d6155a8f9406b794f191180f914

SHA512

6cacea9c50c6f5d8fa96a6c8047db43458cd5159e87fe3c0807599b21ba80d4f31649b0f26c51edc352c0f55f2c405e32131d81baa70c0547a556efd253ad380

Extracted

Family	formbook
C2	http://www.merckcbd.com/dei5/ http://www.merckcbd.com/dei5/
Decoy	studiomullerphoto.com reallionairewear.com dogsalondoggy-tail.com excelmache.net bigdiscounters.com 7986799.com ignition.guru xiaoxu.info jpinpd.com solpool.info uchooswrewards.com everestengineeringworks.com qianglongzhipin.com deepimper-325.com appliedrate.com radsazemehr.com vivabematividadesfisicas.com capacitalo.com somecore.com listingclass.net romel.codes mybettermentor.com hxc43.com btccvil312723.com rudiskenya.com internationalrockmusic.com wudiwifi.com scienceacademyraj.com tumulusinnovations.com studioeduardobeninca.com formabench.com ribbonredwhiteandblue.com miningequipmentrental.com myamom.com riversportswear.net 14505glenmarkdr.com nikolcosmetic.com toninopr.com cutfortheconnect.com nl22584.com mezokovesd.com rozhandesign.com futbolki.space rmobipanoshop.com merchmuslim.com recurrentcornealerosion.com enottampan.com vasquez.photos koreanmindbeauty.com andressabode.com thetwolouises.com weberbyroble.com followmargpolo.com englishclubb.online sorryididnthearthat.com greatlookfashion.club cartoleriagrillocatania.com esteprize.com sdsej.com phiecraft.xyz psm-gen.com passivefiresafe.com homeyplantycosy.com 0343888.com studiomullerphoto.com reallionairewear.com dogsalondoggy-tail.com excelmache.net bigdiscounters.com 7986799.com ignition.guru xiaoxu.info jpinpd.com solpool.info uchooswrewards.com everestengineeringworks.com qianglongzhipin.com deepimper-325.com appliedrate.com radsazemehr.com vivabematividadesfisicas.com capacitalo.com somecore.com listingclass.net romel.codes mybettermentor.com hxc43.com btccvil312723.com rudiskenya.com internationalrockmusic.com wudiwifi.com scienceacademyraj.com tumulusinnovations.com studioeduardobeninca.com formabench.com ribbonredwhiteandblue.com miningequipmentrental.com myamom.com riversportswear.net 14505glenmarkdr.com nikolcosmetic.com toninopr.com cutfortheconnect.com nl22584.com mezokovesd.com rozhandesign.com futbolki.space rmobipanoshop.com merchmuslim.com recurrentcornealerosion.com enottampan.com vasquez.photos koreanmindbeauty.com andressabode.com thetwolouises.com weberbyroble.com followmargpolo.com englishclubb.online sorryididnthearthat.com greatlookfashion.club cartoleriagrillocatania.com esteprize.com sdsej.com phiecraft.xyz psm-gen.com passivefiresafe.com homeyplantycosy.com 0343888.com

Target

PO-29840032.exe

MD5

16a8bcda6b8877e2a76f56ac5707eaa8

Filesize

495KB

Score

10 ^/10

SHA1

2f6a4a474c53183a14ef815d2f3aa9cdb6a0b545

SHA256

4116c5111907369d23e1a5f7adf2b0cd13186d6155a8f9406b794f191180f914

SHA512

6cacea9c50c6f5d8fa96a6c8047db43458cd5159e87fe3c0807599b21ba80d4f31649b0f26c51edc352c0f55f2c405e32131d81baa70c0547a556efd253ad380

Signatures

Formbook

Description

Formbook is a data stealing malware which is capable of stealing data.

Tags

trojan spyware stealer formbook
Formbook Payload

Tags

rat
Deletes itself
Suspicious use of SetThreadContext

Related Tasks

behavioral1 behavioral2

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

System Information Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Scheduled Task

Privilege Escalation

static1

behavioral1

formbook rat spyware stealer trojan

10^/10

behavioral2

formbook rat spyware stealer trojan

10^/10

Extracted

Tags

Signatures

Formbook

Description

Tags

Formbook Payload

Tags

Deletes itself

Suspicious use of SetThreadContext

Related Tasks

static1

behavioral1

behavioral2