PO-29840032.exe

General

Target: PO-29840032.exe
Size: 495KB
Sample: 210223-9wdckd8wye
Score: 10/10
MD5: 16a8bcda6b8877e2a76f56ac5707eaa8
SHA1: 2f6a4a474c53183a14ef815d2f3aa9cdb6a0b545
SHA256: 4116c5111907369d23e1a5f7adf2b0cd13186d6155a8f9406b794f191180f914
SHA512: 6cacea9c50c6f5d8fa96a6c8047db43458cd5159e87fe3c0807599b21ba80d4f31649b0f26c51edc352c0f55f2c405e32131d81baa70c0547a556efd253ad380

Malware Config

Extracted

Family: formbook
C2: http://www.merckcbd.com/dei5/
Decoy

Signatures

  • Formbook
    Description: Formbook is a data-stealing malware family.
  • Formbook Payload
  • Deletes itself
  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix

Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

static1