SOA.exe

General

Target: SOA.exe
Size: 740KB
Sample: 210223-matnc28ess
Score: 10/10
MD5: 1d3573643db9a59abcd6b937a33d1f28
SHA1: 7a00cb31b78616ed1f58cd3550d3ab47a2d66e4a
SHA256: 8eb77ec70c44e86607e97ce926cdb4e0610a0199c348fa329dba50bef34d5fc1
SHA512: a4fc37960b23374d5a2fdf0e5013719a87dd5c90f7deca11ada4215db6ce1f44249f1bc1ec0b9f7071f6d3589dcef725037bf4a50147c5da02c29860b25bbc9f

Malware Config

Extracted

Family: formbook
C2: http://www.fun4gang.xyz/thg/

Decoy

retrospectphotographydesign.com

jafodraws.com

cigiwie.space

upgradecarehealth.com

12ts.xyz

111indianbend.com

qqchbakery.com

0831xx.com

supecret.com

ayfadopple.com

coldwateradvisors.com

forexgiftcard.com

actionconsultingchile.com

mpsconcrete.net

carmallc.com

b167888.com

simonking.xyz

elitedigitalperformance.com

essentialjanitorialservices.com

barcosocasionberga.com

skyboxorganics.com

luewedrware.com

gypsybrandswag.com

v-surf-boards.com

maxbeautypro.com

bellahappy24.com

translatemyanmar.com

streemsex.com

wql.xyz

2002sport.xyz

septerrallc.com

pk30jpt5n.xyz

propurposepivot.com

vietristore.com

ghyperdigital.com

peau-parfaite.com

hdhldance.com

restaurantweeknepal.com

ww-tree.space

svim.net

flowersforeveraz.net

victormsalazar.com

sinaates.store

photomagazineextra.com

427557.com

regenerativesouls.com

lovestsintao.space

hyweljones.net

rogerbyronlaw.com

retirocard.com
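The config block above separates one real C2 URL from a long list of decoy domains. Because the sample sends its check-in requests to every domain in that list, all of them will show up in proxy logs, and blocking the whole list would also block unrelated websites. The following helper, added here and not part of the sandbox report, parses the extracted block, keeps the C2 as the high-confidence indicator, and matches proxy log lines against it with a tiered confidence: a request to the C2 host, a request to a decoy domain carrying the C2's URI path, or plain browsing to a decoy domain. The log lines and their format are constructed for the example, and only the first four decoys are included; the rest of the list is handled the same way.

```python
"""Triage helper for the extracted Formbook config above (added example, not
part of the sandbox report).  It parses the config block, tiers the indicators
and matches them against proxy log lines.  The log lines and their format are
constructed for this example."""
import re
from urllib.parse import urlparse

# Values copied from the report; only the first four decoys are included here,
# the rest of the list is handled the same way.
CONFIG_TEXT = """
Family formbook
C2
http://www.fun4gang.xyz/thg/
Decoy
retrospectphotographydesign.com
jafodraws.com
cigiwie.space
upgradecarehealth.com
"""

# Constructed proxy log lines: <timestamp> <client> <method> <url> <status>.
SAMPLE_PROXY_LOG = [
    "2021-02-23T10:01:02Z 10.0.0.5 GET http://www.fun4gang.xyz/thg/?8Ma=aGVsbG8&x=1 200",
    "2021-02-23T10:01:03Z 10.0.0.5 GET http://www.jafodraws.com/thg/?8Ma=aGVsbG8 404",
    "2021-02-23T10:05:00Z 10.0.0.7 GET http://www.jafodraws.com/ 200",
    "2021-02-23T10:06:00Z 10.0.0.9 GET http://example.com/index.html 200",
]

LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<status>\d{3})$"
)


def parse_config(text):
    """Split the 'Family / C2 / Decoy' block into a dict of lists."""
    cfg = {"family": None, "c2": [], "decoys": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("family "):
            cfg["family"] = line.split(None, 1)[1].lower()
        elif line == "C2":
            section = "c2"
        elif line == "Decoy":
            section = "decoys"
        elif section:
            cfg[section].append(line)
    return cfg


def _norm(host):
    """Lower-case a hostname and drop a leading 'www.' so the config entry
    'jafodraws.com' matches a request to 'www.jafodraws.com'."""
    host = (host or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def _host_matches(log_host, ioc_host):
    return log_host == ioc_host or log_host.endswith("." + ioc_host)


def build_iocs(cfg):
    """The C2 URL is the actionable indicator; decoys are kept separately
    because the sample contacts them too, but they are mostly unrelated sites."""
    iocs = []
    for url in cfg["c2"]:
        u = urlparse(url)
        iocs.append({"kind": "c2", "host": _norm(u.hostname), "path": u.path or "/"})
    for domain in cfg["decoys"]:
        iocs.append({"kind": "decoy", "host": _norm(domain), "path": None})
    return iocs


def match_logs(iocs, lines):
    """Return one hit per matching log line, tiered by confidence:
    high   = any request to the C2 host,
    medium = request to a decoy domain carrying the C2 URI path (the sample
             sends the same path to every domain in its list),
    low    = other traffic to a decoy domain (probably benign browsing)."""
    c2_paths = {i["path"] for i in iocs if i["kind"] == "c2"}
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        u = urlparse(m["url"])
        host, path = _norm(u.hostname), (u.path or "/")
        for ioc in iocs:
            if not _host_matches(host, ioc["host"]):
                continue
            if ioc["kind"] == "c2":
                conf = "high"
            elif any(path.startswith(p) for p in c2_paths):
                conf = "medium"
            else:
                conf = "low"
            hits.append({"src": m["src"], "url": m["url"], "ioc": ioc["host"], "confidence": conf})
            break
    return hits


def triage(config_text=CONFIG_TEXT, lines=SAMPLE_PROXY_LOG):
    return match_logs(build_iocs(parse_config(config_text)), lines)


if __name__ == "__main__":
    for hit in triage():
        print(f"{hit['confidence']:<6} {hit['src']} -> {hit['url']} (ioc: {hit['ioc']})")
```

Run against the constructed log, the script flags 10.0.0.5 twice (the C2 check-in and the same URI path sent to a decoy) and 10.0.0.7 once at low confidence for ordinary browsing to a decoy domain; the low-confidence hit is worth keeping only as context for a host that also has a high or medium hit.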

Targets

Target: SOA.exe
Filesize: 740KB
Score: 10/10
MD5: 1d3573643db9a59abcd6b937a33d1f28
SHA1: 7a00cb31b78616ed1f58cd3550d3ab47a2d66e4a
SHA256: 8eb77ec70c44e86607e97ce926cdb4e0610a0199c348fa329dba50bef34d5fc1
SHA512: a4fc37960b23374d5a2fdf0e5013719a87dd5c90f7deca11ada4215db6ce1f44249f1bc1ec0b9f7071f6d3589dcef725037bf4a50147c5da02c29860b25bbc9f

Signatures

  • Formbook

    Description

    Formbook is an information stealer: once running inside a host process it captures keystrokes, clipboard contents, form data submitted from browsers and screenshots, and exfiltrates them to the C2 URL in the extracted config. The decoy domains in the config are contacted alongside the real C2 so that the operator's server does not stand out in network captures; the single C2 entry is the indicator to act on.

  • Formbook Payload

  • Deletes itself

    The executable removes its original file after running, so the hashes above typically will not be found at the original path on an infected host; look for a relocated copy and for the injected process instead.

  • Suspicious use of SetThreadContext

    Rewriting a suspended thread's context is the step that hands control to injected code; it is the process-hollowing pattern Formbook uses to run inside a legitimate process.

MITRE ATT&CK Matrix

Tactic columns shown for this run (no technique entries are present in the report): Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation.

Tasks

static1