dllhost.exe

General
Target

dllhost.exe

Size

448KB

Sample

211020-mz9snahhaj

Score
10 /10
MD5

c78d5e89ebecb4d88d3ab36bc47fd7ba

SHA1

476733e0eb88a9dce2a65200c23ddd0d5f2b3496

SHA256

9b6b00b331ea48d5477fbd0ec6e168407dcec59c758eb797c9672d2f74dba12a

SHA512

a4de582e5f599ad11c60dbdb7e7ded18c004f956ec84eb379f30ebd1e83eb3fe938fab821038dcf6c1dff839b329ff85ab556fd75f54e70e332ff25415ddfddb

Malware Config

Extracted

Family formbook
Version 4.1
Campaign kzk9
C2

http://www.yourmajordomo.com/kzk9/

Decoy

tianconghuo.club

1996-page.com

ourtownmax.net

conservativetreehose.com

synth.repair

donnachicacreperia.com

tentfull.com

weapp.download

surfersink.com

gattlebusinessservices.com

sebastian249.com

anhphuc.company

betternatureproducts.net

defroplate.com

seattlesquidsquad.com

polarjob.com

lendingadvantage.com

angelsondope.com

goportjitney.com

tiendagrupojagr.com

self-care360.com

foreignexchage.com

loan-stalemate.info

hrsimrnsingh.com

laserobsession.com

primetimesmagazine.com

teminyulon.xyz

kanoondarab.com

alpinefall.com

tbmautosales.com

4g2020.com

libertyquartermaster.com

flavorfalafel.com

generlitravel.com

solvedfp.icu

jamnvibez.com

zmx258.com

doudiangroup.com

dancecenterwest.com

ryantheeconomist.com

beeofthehive.com

bluelearn.world

vivalasplantas.com

yumiacraftlab.com

shophere247365.com

enjoybespokenwords.com

windajol.com

ctgbazar.xyz

afcerd.com

dateprotect.com

Targets
Target

dllhost.exe

MD5

c78d5e89ebecb4d88d3ab36bc47fd7ba

Filesize

448KB

Score
10/10
SHA1

476733e0eb88a9dce2a65200c23ddd0d5f2b3496

SHA256

9b6b00b331ea48d5477fbd0ec6e168407dcec59c758eb797c9672d2f74dba12a

SHA512

a4de582e5f599ad11c60dbdb7e7ded18c004f956ec84eb379f30ebd1e83eb3fe938fab821038dcf6c1dff839b329ff85ab556fd75f54e70e332ff25415ddfddb

Tags

Signatures

  • Formbook

    Description

    Formbook is a data stealing malware which is capable of stealing data.

    Tags

  • suricata: ET MALWARE FormBook CnC Checkin (GET)

    Description

    suricata: ET MALWARE FormBook CnC Checkin (GET)

    Tags

  • Formbook Payload

    Tags

  • Deletes itself

  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
          Exfiltration
            Impact
              Initial Access
                Lateral Movement
                  Persistence
                    Privilege Escalation