General
-
Target
http://allhomesrealestate.com.au/secured/098348893498/0399298398/0099299232/009382983.exe
-
Sample
210727-arpx67lxba
Score
10/10
Malware Config
Extracted
Family
formbook
Version
4.1
C2
http://www.hometowncashbuyersgroup.com/kkt/
Decoy
inspirafutebol.com
customgiftshouston.com
mycreativelending.com
psplaystore.com
newlivingsolutionshop.com
dechefamsterdam.com
servicingl0ans.com
atsdholdings.com
manifestarz.com
sequenceanalytica.com
gethealthcaresmart.com
theartofsurprises.com
pirateequitypatrick.com
alliance-ce.com
wingrushusa.com
funtimespheres.com
solevux.com
antimasathya.com
profitexcavator.com
lankeboxshop.com
Targets
-
-
Target
http://allhomesrealestate.com.au/secured/098348893498/0399298398/0099299232/009382983.exe
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook Payload
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Suspicious use of SetThreadContext
-