Sales_Order description.exe

General

Target: Sales_Order description.exe
Size: 476KB
Sample: 210408-zpjhykgb2x
Score: 10/10
MD5: 9cf418b47ac9b4039e9d2f3073b525f0
SHA1: 1cbd1fe3fcba287ccc7b1518e6da52918a1edda0
SHA256: 9c6abdf1e5ff719e261ea153555b981cd907ba5f79f50943d679d59967eba445
SHA512: c5c5c0d190db2437039681746ce3d9e84666d6d660d86ec7e8ad3d8676e6b4bc32405b7fc6fadb025b3ed0a6555536be10a7015fcd3838226099e5b2da6df928

Malware Config

Extracted

Family: formbook
Version: 4.1
C2: http://www.discorddeno.land/suod/

Decoy (50 decoy domains extracted from the configuration)
Signatures

  • Formbook: a data-stealing malware family.

  • Formbook Payload

  • Nirsoft

  • Executes dropped EXE

  • Deletes itself

  • Loads dropped DLL

  • Suspicious use of SetThreadContext
