ed43ff447cd5486610731a627a930607.exe

General

Target: ed43ff447cd5486610731a627a930607.exe
Size: 1MB
Sample: 210722-j4ajtmxrts
Score: 10/10
MD5: ed43ff447cd5486610731a627a930607
SHA1: 91449c85fb2fa5d27f8db3c8c08cdfb9d3287162
SHA256: 91cdb947644a5a802adac7583a79e7e560da38839489a02e7464730ff66fd004
SHA512: 3bd5692c8b81221a2b1e83b17b36872fc664935ed14d6d645dd0efa6e2725c0c95598e4871b358092fbb406e8eb4600face90aa1b98fe5720fd4629ff2903a1d

Malware Config (Extracted)

Family: formbook
Version: 4.1
C2: http://www.hometowncashbuyersgroup.com/kkt/

Decoy domains:

  • inspirafutebol.com
  • customgiftshouston.com
  • mycreativelending.com
  • psplaystore.com
  • newlivingsolutionshop.com
  • dechefamsterdam.com
  • servicingl0ans.com
  • atsdholdings.com
  • manifestarz.com
  • sequenceanalytica.com
  • gethealthcaresmart.com
  • theartofsurprises.com
  • pirateequitypatrick.com
  • alliance-ce.com
  • wingrushusa.com
  • funtimespheres.com
  • solevux.com
  • antimasathya.com
  • profitexcavator.com
  • lankeboxshop.com
  • aarthiramamurthy.com
  • oldmopaiv.xyz
  • mavispaguzellik.com
  • milkamax.com
  • sputnikvasisi.com
  • gametoyou.com
  • sisconbol.com
  • thedreamcertificate.com
  • vichy-menuiserie.com
  • pv-step.com
  • growingmindstrilingual.com
  • tlcrentny.com
  • jedshomebuilders.com
  • curtailit.com
  • integruschamber.com
  • lanzamientosbimbocolombia.com
  • tightlinesfishingco.com
  • doubleuphome.com
  • arctic.solar
  • unstopabbledomains.com
  • aggiornamento-isp.info
  • clarkandhurnlaw.com
  • barefootbirthstl.com
  • seanfeuct.com
  • measureformeasurehome.com
  • stephsavy.com
  • loveflowersandevents.com
  • czsis.com
  • midnightblueinc.com
  • today.dental

Targets

Target: ed43ff447cd5486610731a627a930607.exe
MD5: ed43ff447cd5486610731a627a930607
Filesize: 1MB
Score: 10/10
SHA1: 91449c85fb2fa5d27f8db3c8c08cdfb9d3287162
SHA256: 91cdb947644a5a802adac7583a79e7e560da38839489a02e7464730ff66fd004
SHA512: 3bd5692c8b81221a2b1e83b17b36872fc664935ed14d6d645dd0efa6e2725c0c95598e4871b358092fbb406e8eb4600face90aa1b98fe5720fd4629ff2903a1d

Signatures

  • Formbook

    Description: Formbook is an information-stealing malware family.

  • Formbook Payload

  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix columns: Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks: static1