NEW ORDER - BLL04658464.exe

General

Target: NEW ORDER - BLL04658464.exe
Size: 641KB
Sample: 210408-wbzqhptbzs
Score: 10/10
MD5: c43b615ee95f80f037b142b55decf144
SHA1: 1cb557a6198866592dd0644d0561edafae222f06
SHA256: fea4f85475d53bbb39592cb92dc6588948b1dd218e4ac554749ffe1fc26ffc67
SHA512: 189590db3368a348bf827f9e46970a64b29d95587dbbab7fbc0a000e51e3f5845bfbf8b8bf3a9a8c57273fce15d68ad9c7704daff2b37daae1b9b69aa7dac674

Malware Config

Extracted

Family: formbook
Version: 4.1
C2: http://www.bendhighswimming.com/crdi/

Decoy domains:

  • propertyjumpstartwebinar.com
  • boc-vip.club
  • polestarnyc.com
  • travelonlinebiz.com
  • bukovynaent.com
  • bestfashoin.com
  • miniindiastore.com
  • wehatebillgates.com
  • holmescountyjusticecourt.com
  • colectivorenovemosjuntos.com
  • houstowarehouse.com
  • aocsw.com
  • sml-uniform.com
  • bandanasaint.com
  • petposhdeluxe.com
  • ezcscpawq.com
  • ladiesoption.club
  • refixu.com
  • selfwrrrth.com
  • rovietry.com
  • enaoc.com
  • karyolaw.com
  • diversitymarketingtx.net
  • browsersentenderbanco.net
  • samtheshepherd.com
  • nash-arbitrazh.com
  • gampang-kerja.tech
  • ereplacementparrts.com
  • eventmidasbuy14.com
  • sia-rikvel.com
  • top2016.net
  • 686638.com
  • ton.blue
  • desktower.net
  • dbykq020.com
  • stack30.com
  • tiendasfotoprix.com
  • kylesmaier.com
  • ekmantsang.com
  • jumlasx.xyz
  • qingqingyuyin.com
  • cdnsubs.xyz
  • maxamoose.com
  • huelling.com
  • xn--bjrnnstet-z2a8q.online
  • betale-posten.com
  • lalatendu.info
  • nochipmanicure.net
  • bichat.website
  • washington32reds.com

Targets

Target: NEW ORDER - BLL04658464.exe
MD5: c43b615ee95f80f037b142b55decf144
Filesize: 641KB
Score: 10/10
SHA1: 1cb557a6198866592dd0644d0561edafae222f06
SHA256: fea4f85475d53bbb39592cb92dc6588948b1dd218e4ac554749ffe1fc26ffc67
SHA512: 189590db3368a348bf827f9e46970a64b29d95587dbbab7fbc0a000e51e3f5845bfbf8b8bf3a9a8c57273fce15d68ad9c7704daff2b37daae1b9b69aa7dac674

Signatures

  • Formbook

    Description: Formbook is data-stealing malware.

  • Formbook Payload

  • Deletes itself

  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix (tactic columns): Collection, Command and Control, Credential Access, Defense Evasion, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks: static1