Payment Slip.exe

General
Target

Payment Slip.exe

Size

505KB

Sample

210408-5fbybchvl6

Score
10 /10
MD5

2ca388f576c09252531a51474cdf74ae

SHA1

2d8f4f340bf642fc0f2565a20ed079cc669e18b3

SHA256

4f450fcf02d7006fd4fbea8c2cad999397672d44864f1e8c504633ce53c3d53d

SHA512

373f3f9690c9061922ea95ec24c86c87a586125949e1368268b018185be44db6cc273cec9e42821f857b733d9bbe6462e5b8ba37149f577597dcaa33f1f0e791

Malware Config

Extracted

Family formbook
Version 4.1
C2

http://www.the-techs.info/chue/

Decoy

wowmovies.today

magentos6.com

bi-nav.com

atlantahawks.sucks

wluabjy.icu

kevableinsights.com

lavidaenaustralia.com

stonermadeapparel.net

sondein.com

cirquedusoleilartist.com

kanjitem.com

tomofalltrades.site

mecanico.guru

tech2020s.com

amesoneco.com

theawfulliar.com

californiaadugurus.com

rentalservicesolutions.com

fsxbhd.club

casino-seo.com

asknesto.com

get-rangextd.com

gkwill.com

juliegiles.net

pagosafreedom.com

wbpossiblellc.com

fhjfyutotyhfse.com

sexshopsatelite.com

shellykraftlaw.com

motherhenscoop.com

mboklanjar.com

redwoodcityswing.com

haier-mz.com

metalinjectionltd.asia

franquiaoriginal.com

mcronaldfood.com

mobilegymconcierge.com

haifu168.com

apeiro.life

thejosephnashvilletn.com

bensbrickstore.com

sanctumwell.com

beanexthomie.com

stylazhaircare.com

jordanvanvleet.com

jdwx400.com

francescoricco.com

gameshowsatschool.com

alqymist-monaco.com

infinitysportsmassage.com

Targets
Target

Payment Slip.exe

MD5

2ca388f576c09252531a51474cdf74ae

Filesize

505KB

Score
10 /10
SHA1

2d8f4f340bf642fc0f2565a20ed079cc669e18b3

SHA256

4f450fcf02d7006fd4fbea8c2cad999397672d44864f1e8c504633ce53c3d53d

SHA512

373f3f9690c9061922ea95ec24c86c87a586125949e1368268b018185be44db6cc273cec9e42821f857b733d9bbe6462e5b8ba37149f577597dcaa33f1f0e791

Tags

Signatures

  • Formbook

    Description

    Formbook is a data stealing malware which is capable of stealing data.

    Tags

  • Formbook Payload

    Tags

  • Nirsoft

  • Executes dropped EXE

  • Deletes itself

  • Loads dropped DLL

  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
          Execution
            Exfiltration
              Impact
                Initial Access
                  Lateral Movement
                    Persistence
                      Privilege Escalation
                        Tasks

                        static1