imágenes de productos pdf.exe

General

Target: imágenes de productos pdf.exe
Size: 973KB
Sample: 211021-nf1w3sbagj
Score: 10/10
MD5: 1e01b5e7d7e52dc849c271f8327fabd6
SHA1: efa560d817c867c38c4a75519830abacb4be2812
SHA256: a192572433f8f1a41f0035e040f0f455608b6eb9695cbb87c9734f3a4bf7d4cc
SHA512: 6d7e41f576f88d6a2c3ab951db921def360cd8fe2db8dc542edfbe93a6f8ab10d6ba96538239ac158bdb43f2b14bfc562da6870fd85297c3690b40c5b5b3658e

Malware Config

Extracted

Family: formbook
Version: 4.1
Campaign: n7ak
C2: http://www.kmresults.com/n7ak/

Decoy

Targets
Signatures

  • Formbook
    Description: Formbook is an information-stealing malware family.
  • suricata: ET MALWARE FormBook CnC Checkin (GET)
  • Formbook Payload
  • Adds Run key to start application
    TTPs: Registry Run Keys / Startup Folder; Modify Registry
  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tactics: Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Privilege Escalation