ORDER7946ERA-LBT.exe

General

Target: ORDER7946ERA-LBT.exe
Size: 664KB
Sample: 210408-k9ewz41q3a
Score: 10/10
MD5: b36e69f884b74fe568bdb7fdb06362cb
SHA1: e17782339164117645128597cfd22152c80cf229
SHA256: 9f578e7bf0375c366223406cd1504c79feb2f2408f88ffbccc22cd1bc3237389
SHA512: ab22ad98a9a14be9607e7205384cf77e937715fcbd90f2dad240d0992094c6f0e945db0eca96081dc4728b22fe658cfb6936e123ebf1b802e045e433e2ea7792

Malware Config

Extracted

Family: formbook
Version: 4.1
C2: http://www.valoremamma.com/cw3g/

Decoy

Signatures

  • Formbook
    Description: Formbook is a data-stealing malware family.

  • Formbook Payload

  • Suspicious use of SetThreadContext

Tasks

static1

behavioral1

3/10