Revised Invoice No CU 7035.exe

General
Target

Revised Invoice No CU 7035.exe

Size

469KB

Sample

210408-4dqlfwgjpe

Score
10 /10
MD5

a0b32e96914dfe7d50cc7a56d4939c2f

SHA1

3b3033ac851d71711ea10b263cf2b398833316b7

SHA256

2e10edfbe7c4a7c9220db55d3c6f921262366908277a5483ff0faf5579e194f4

SHA512

ee8f0b1dfefb45ab7188b4bb60bb175a2a71ad58fa1083059f98d81a54d7ec03a63fb0ab9f1897f2d8c9224468a9230b8acb936ac82d54c743e72eab5480508a

Malware Config

Extracted

Family formbook
Version 4.1
C2

http://www.the-techs.info/chue/

Decoy

wowmovies.today

magentos6.com

bi-nav.com

atlantahawks.sucks

wluabjy.icu

kevableinsights.com

lavidaenaustralia.com

stonermadeapparel.net

sondein.com

cirquedusoleilartist.com

kanjitem.com

tomofalltrades.site

mecanico.guru

tech2020s.com

amesoneco.com

theawfulliar.com

californiaadugurus.com

rentalservicesolutions.com

fsxbhd.club

casino-seo.com

asknesto.com

get-rangextd.com

gkwill.com

juliegiles.net

pagosafreedom.com

wbpossiblellc.com

fhjfyutotyhfse.com

sexshopsatelite.com

shellykraftlaw.com

motherhenscoop.com

mboklanjar.com

redwoodcityswing.com

haier-mz.com

metalinjectionltd.asia

franquiaoriginal.com

mcronaldfood.com

mobilegymconcierge.com

haifu168.com

apeiro.life

thejosephnashvilletn.com

bensbrickstore.com

sanctumwell.com

beanexthomie.com

stylazhaircare.com

jordanvanvleet.com

jdwx400.com

francescoricco.com

gameshowsatschool.com

alqymist-monaco.com

infinitysportsmassage.com

Targets
Target

Revised Invoice No CU 7035.exe

MD5

a0b32e96914dfe7d50cc7a56d4939c2f

Filesize

469KB

Score
10 /10
SHA1

3b3033ac851d71711ea10b263cf2b398833316b7

SHA256

2e10edfbe7c4a7c9220db55d3c6f921262366908277a5483ff0faf5579e194f4

SHA512

ee8f0b1dfefb45ab7188b4bb60bb175a2a71ad58fa1083059f98d81a54d7ec03a63fb0ab9f1897f2d8c9224468a9230b8acb936ac82d54c743e72eab5480508a

Tags

Signatures

  • Formbook

    Description

    Formbook is a data stealing malware which is capable of stealing data.

    Tags

  • Formbook Payload

    Tags

  • Nirsoft

  • Executes dropped EXE

  • Deletes itself

  • Loads dropped DLL

  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
          Execution
            Exfiltration
              Impact
                Initial Access
                  Lateral Movement
                    Persistence
                      Privilege Escalation
                        Tasks

                        static1