Sales_Order description.exe

Target

Size

476KB

Sample

210408-zpjhykgb2x

Score

10 ^/10

MD5

9cf418b47ac9b4039e9d2f3073b525f0

SHA1

1cbd1fe3fcba287ccc7b1518e6da52918a1edda0

SHA256

9c6abdf1e5ff719e261ea153555b981cd907ba5f79f50943d679d59967eba445

SHA512

c5c5c0d190db2437039681746ce3d9e84666d6d660d86ec7e8ad3d8676e6b4bc32405b7fc6fadb025b3ed0a6555536be10a7015fcd3838226099e5b2da6df928

Extracted

Family	formbook
Version	4.1
C2	http://www.discorddeno.land/suod/ http://www.discorddeno.land/suod/
Decoy	casirivimab.info johnvogia.com lzdafang.com tarihmarketi.com singalongpress.com three60farms.com websky.pro jacketsmecca.com magentos6.com brooksideseniorapts.com onewhistleandflags.com naturopathe-valdoise-france.com reflexmem.com kurumsalpanel.com bhuwarecruitment.com exponentialhealth.online posttensionrepairs.com prbrokerllc.com aashealthcarestaffing.com pubgeventcenter.com nashvilleluxuryrealty.com okaygay.com elizabethtatumphotog.com saanvicreation.com siouxfallsart.com links-dentu.com aitepizza.com aguacatedemexico.com 59kaixin.com dyatag.com 407wg.com hustlrrrs.com dreambux.online alkolikoli.com cabianca.net dggdn.com thebridgerealtygroup.com concreteone.info irawpowder.com uu365ww.com tattooankara.com mobileshopmanager.com bykarlisromero.com mehmeterdas.com prodezzadesign.com mothersontex.com ceim-recruit-sk.info huayonlinewinner.com xiongzhuai.com peoplehrgroup.com rasamrise.com craftsmanwork.com mysidewalkshops.com infinity-gps.com groentenenfruitbale.site patricktourandtransfer.com essexcomputing.co.uk cafelongvu.com annecy-taxi.com iirinc.com baileyscuppacrew.co.uk 1simpledrop.com manicomzaley.com rentlondonapartment.com casirivimab.info johnvogia.com lzdafang.com tarihmarketi.com singalongpress.com three60farms.com websky.pro jacketsmecca.com magentos6.com brooksideseniorapts.com onewhistleandflags.com naturopathe-valdoise-france.com reflexmem.com kurumsalpanel.com bhuwarecruitment.com exponentialhealth.online posttensionrepairs.com prbrokerllc.com aashealthcarestaffing.com pubgeventcenter.com nashvilleluxuryrealty.com okaygay.com elizabethtatumphotog.com saanvicreation.com siouxfallsart.com links-dentu.com aitepizza.com aguacatedemexico.com 59kaixin.com dyatag.com 407wg.com hustlrrrs.com dreambux.online alkolikoli.com cabianca.net dggdn.com thebridgerealtygroup.com concreteone.info irawpowder.com uu365ww.com tattooankara.com mobileshopmanager.com bykarlisromero.com mehmeterdas.com prodezzadesign.com mothersontex.com ceim-recruit-sk.info huayonlinewinner.com xiongzhuai.com peoplehrgroup.com rasamrise.com craftsmanwork.com mysidewalkshops.com infinity-gps.com groentenenfruitbale.site patricktourandtransfer.com essexcomputing.co.uk cafelongvu.com annecy-taxi.com iirinc.com baileyscuppacrew.co.uk 1simpledrop.com manicomzaley.com rentlondonapartment.com

Target

Sales_Order description.exe

MD5

9cf418b47ac9b4039e9d2f3073b525f0

Filesize

476KB

Score

10 ^/10

SHA1

1cbd1fe3fcba287ccc7b1518e6da52918a1edda0

SHA256

9c6abdf1e5ff719e261ea153555b981cd907ba5f79f50943d679d59967eba445

SHA512

c5c5c0d190db2437039681746ce3d9e84666d6d660d86ec7e8ad3d8676e6b4bc32405b7fc6fadb025b3ed0a6555536be10a7015fcd3838226099e5b2da6df928

Signatures

Formbook

Description

Formbook is a data stealing malware which is capable of stealing data.

Tags

trojan spyware stealer formbook
Formbook Payload

Tags

rat
Nirsoft
Executes dropped EXE
Deletes itself
Loads dropped DLL
Suspicious use of SetThreadContext

Related Tasks

behavioral1 behavioral2

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

System Information Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

static1

behavioral1

formbook rat spyware stealer trojan

10^/10

behavioral2

formbook rat spyware stealer trojan

10^/10

Extracted

Tags

Signatures

Formbook

Description

Tags

Formbook Payload

Tags

Nirsoft

Executes dropped EXE

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

Related Tasks

static1

behavioral1

behavioral2