SecuriteInfo.com.Variant.Zusy.394472.15672.20727

General
Target

SecuriteInfo.com.Variant.Zusy.394472.15672.20727

Size

193KB

Sample

210722-see98x48pe

Score
10 /10
MD5

89cfb542cda6a428cc5c02feaf3c55f8

SHA1

9a0606c633ffe5ae4b6dcb7dcfba57b7e22cb05d

SHA256

b663fea76aadbf574e5bb9f704ad689ec10f0d720b0b9641e70b27494fe4cc17

SHA512

22fd691c761ec2ac5be4b3a9b682daf53abb3de05787d07474bc0e41a8c7bf001a10783f3eea6d7d70528dae1da13506e4370b16f3c02b7d92db9e6ffb2ac79b

Malware Config

Extracted

Family formbook
Version 4.1
C2

http://www.yjhlgg.com/grve/

Decoy

jrvinganimalexterminator.com

smallsyalls.com

po1c3.com

mencg.com

aussieenjoyment.today

espace22.com

aanmelding-desk.info

gallopshoes.com

nftsexy.com

ricosdulcesmexicanos.com

riseswift.com

thechicthirty.com

matdcg.com

alternet.today

creativehuesdesigns.com

rjkcrafts.com

lowdosemortgage.com

adoptahamster.com

wellness-sense.com

jacardcapital.com

pastiindonesia.com

lindsaynathan2021.com

brisbanemagicians.com

tvglanz.com

388384.com

mitgrim.com

endonelatrading.com

political.singles

ganjegirls.com

democratscancelled.com

ytzhubao.com

roiskylands.com

zamlgroup.com

winstonsalemathleticclub.com

62qtz2.com

caddyys.com

ecorarte.com

coonier.com

cbgmanhattan-hub.com

givanon.com

tioniis11.com

variceselite.com

tasaciona.com

hiphopeconomicdevelopment.com

citrixfile.com

piebuilder.com

drmetalpublishing.com

themesthatyoulike.com

vinhomes-phamhung.info

ardecentro.com

Targets
Target

SecuriteInfo.com.Variant.Zusy.394472.15672.20727

MD5

89cfb542cda6a428cc5c02feaf3c55f8

Filesize

193KB

Score
10 /10
SHA1

9a0606c633ffe5ae4b6dcb7dcfba57b7e22cb05d

SHA256

b663fea76aadbf574e5bb9f704ad689ec10f0d720b0b9641e70b27494fe4cc17

SHA512

22fd691c761ec2ac5be4b3a9b682daf53abb3de05787d07474bc0e41a8c7bf001a10783f3eea6d7d70528dae1da13506e4370b16f3c02b7d92db9e6ffb2ac79b

Tags

Signatures

  • Formbook

    Description

    Formbook is a data stealing malware which is capable of stealing data.

    Tags

  • Formbook Payload

    Tags

  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
          Discovery
            Execution
              Exfiltration
                Impact
                  Initial Access
                    Lateral Movement
                      Persistence
                        Privilege Escalation
                          Tasks

                          static1