NEW ORDER - BLL04658464.exe

Target

Size

641KB

Sample

210408-wbzqhptbzs

Score

10 ^/10

MD5

c43b615ee95f80f037b142b55decf144

SHA1

1cb557a6198866592dd0644d0561edafae222f06

SHA256

fea4f85475d53bbb39592cb92dc6588948b1dd218e4ac554749ffe1fc26ffc67

SHA512

189590db3368a348bf827f9e46970a64b29d95587dbbab7fbc0a000e51e3f5845bfbf8b8bf3a9a8c57273fce15d68ad9c7704daff2b37daae1b9b69aa7dac674

Extracted

Family	formbook
Version	4.1
C2	http://www.bendhighswimming.com/crdi/ http://www.bendhighswimming.com/crdi/
Decoy	propertyjumpstartwebinar.com boc-vip.club polestarnyc.com travelonlinebiz.com bukovynaent.com bestfashoin.com miniindiastore.com wehatebillgates.com holmescountyjusticecourt.com colectivorenovemosjuntos.com houstowarehouse.com aocsw.com sml-uniform.com bandanasaint.com petposhdeluxe.com ezcscpawq.com ladiesoption.club refixu.com selfwrrrth.com rovietry.com enaoc.com karyolaw.com diversitymarketingtx.net browsersentenderbanco.net samtheshepherd.com nash-arbitrazh.com gampang-kerja.tech ereplacementparrts.com eventmidasbuy14.com sia-rikvel.com top2016.net 686638.com ton.blue desktower.net dbykq020.com stack30.com tiendasfotoprix.com kylesmaier.com ekmantsang.com jumlasx.xyz qingqingyuyin.com cdnsubs.xyz maxamoose.com huelling.com xn--bjrnnstet-z2a8q.online betale-posten.com lalatendu.info nochipmanicure.net bichat.website washington32reds.com centrodesaludcrecer.com phihoteldeimedaglioni.com kilmalliefarms.com icecreamsocialwp.com mac-makeup.club elzooz.com iqomw.com bestattorneycle.com startonsocial.com purensoessentials.com therealyolandafay.com feildwolf.com nativesupps.com nbatimeout.com propertyjumpstartwebinar.com boc-vip.club polestarnyc.com travelonlinebiz.com bukovynaent.com bestfashoin.com miniindiastore.com wehatebillgates.com holmescountyjusticecourt.com colectivorenovemosjuntos.com houstowarehouse.com aocsw.com sml-uniform.com bandanasaint.com petposhdeluxe.com ezcscpawq.com ladiesoption.club refixu.com selfwrrrth.com rovietry.com enaoc.com karyolaw.com diversitymarketingtx.net browsersentenderbanco.net samtheshepherd.com nash-arbitrazh.com gampang-kerja.tech ereplacementparrts.com eventmidasbuy14.com sia-rikvel.com top2016.net 686638.com ton.blue desktower.net dbykq020.com stack30.com tiendasfotoprix.com kylesmaier.com ekmantsang.com jumlasx.xyz qingqingyuyin.com cdnsubs.xyz maxamoose.com huelling.com xn--bjrnnstet-z2a8q.online betale-posten.com lalatendu.info nochipmanicure.net bichat.website washington32reds.com centrodesaludcrecer.com phihoteldeimedaglioni.com kilmalliefarms.com icecreamsocialwp.com mac-makeup.club elzooz.com iqomw.com bestattorneycle.com startonsocial.com purensoessentials.com therealyolandafay.com feildwolf.com nativesupps.com nbatimeout.com

Target

NEW ORDER - BLL04658464.exe

MD5

c43b615ee95f80f037b142b55decf144

Filesize

641KB

Score

10 ^/10

SHA1

1cb557a6198866592dd0644d0561edafae222f06

SHA256

fea4f85475d53bbb39592cb92dc6588948b1dd218e4ac554749ffe1fc26ffc67

SHA512

189590db3368a348bf827f9e46970a64b29d95587dbbab7fbc0a000e51e3f5845bfbf8b8bf3a9a8c57273fce15d68ad9c7704daff2b37daae1b9b69aa7dac674

Signatures

Formbook

Description

Formbook is a data stealing malware which is capable of stealing data.

Tags

trojan spyware stealer formbook
Formbook Payload

Tags

rat
Deletes itself
Suspicious use of SetThreadContext

Related Tasks

behavioral1 behavioral2

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

System Information Discovery

Execution

Command-Line Interface

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

static1

behavioral1

formbook rat spyware stealer trojan

10^/10

behavioral2

formbook rat spyware stealer trojan

10^/10

Extracted

Tags

Signatures

Formbook

Description

Tags

Formbook Payload

Tags

Deletes itself

Suspicious use of SetThreadContext

Related Tasks

static1

behavioral1

behavioral2