pending orders0308 D2101002610 pdf.exe

General

Target: pending orders0308 D2101002610 pdf.exe
Size: 1MB
Sample: 210421-a6fzymmxjx
Score: 10/10
MD5: 346fb2689c7f90207ce5df0b60be8b14
SHA1: 3eee0df26d21393485821a95c2beffc8797d090b
SHA256: 6a900970eda971ac9e4cc4263b78b6145ef6c5a94783c572805fdf3c85a8503a
SHA512: 9875b395dc34b35f011916d89f3647b155821a4627256d1a7fd3c7af655dcec1e153b1ddcd764e957a404547c4cb6b930afbc358f065ec9671030cf82edf02f8

Malware Config

Extracted

Family: formbook
Version: 4.1
C2: http://www.gloomyca.com/chue/

Decoy domains:

hairdewproducts.com
whssboys.net
visual-promotions.com
alsgotyaexteriorcleaning.com
conwayconsultant.com
sjlartistrydesign.info
organicroomservice.com
elatedscents.com
selfauthering.com
variablemonsters.com
thedietcop.com
openhouseshamptonroads.com
tyrantthemes.com
trumppowercatamarans.com
yznx.xyz
jshfoodpantry.com
larmealoeil.com
biztradelines.com
axawinterthur.sucks
inspiredtravels.net
newyorkbookforuminc.net
gawahjrrzibne.com
navigateur-remunerateur.com
jbsteppin.net
city-lytes.com
id.computer
niteowldigital.com
gemgpmprp.icu
nqmarket.com
bluefroggrill.com
lifeatdestiny.com
healthsofia.com
everestjsc.com
suntech-power-us.com
ourweddingwhiskey.com
mbbuildersambalapuzha.com
rcsnowplow.com
anleizhifu.com
wangsit.net
gilly.store
yuyiznkj.xyz
elkhornmtnconstructionllc.com
aboutrecipes.info
formusautomate.com
songpa.city
calumetphoto-exposure.info
pupcure.com
inpuelec.com
sogoodbiz.com
zhengtai-dg.com

Targets

Target: pending orders0308 D2101002610 pdf.exe
MD5: 346fb2689c7f90207ce5df0b60be8b14
Filesize: 1MB
Score: 10/10
SHA1: 3eee0df26d21393485821a95c2beffc8797d090b
SHA256: 6a900970eda971ac9e4cc4263b78b6145ef6c5a94783c572805fdf3c85a8503a
SHA512: 9875b395dc34b35f011916d89f3647b155821a4627256d1a7fd3c7af655dcec1e153b1ddcd764e957a404547c4cb6b930afbc358f065ec9671030cf82edf02f8
Signatures

  • Formbook

    Description: Formbook is an information-stealing malware family that harvests credentials and other data from infected hosts.

  • Formbook Payload

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tactic columns: Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

static1