pedido urgente pdf.exe

General

Target: pedido urgente pdf.exe
Size: 973KB
Sample: 211021-nfzc9abafr
Score: 10/10
MD5: 42c8d23c057b69d3059dfd7bb4af736e
SHA1: a5f7fe4e31d69c1e452f513ba79b57ef57079b23
SHA256: d90b2ee420fc51d84a0c3c3fe2ae4e13b6313cd030be264440538a396dfe7956
SHA512: b524f68ed82306acbc3422f6475071bb05e3c9e72510a70784e08f9b2561b962beba6847e4679bd24247c7899e84b7799b2f1171decab195a456e181725f3ad6

Malware Config

Extracted

Family: formbook
Version: 4.1
Campaign: n7ak
C2: http://www.kmresults.com/n7ak/

Decoy

  modischoolcbse.com
  theneverwinter.com
  rszkjx-vps-hosting.website
  fnihil.com
  1pbet.com
  nnowzscorrez.com
  uaotgvjl.icu
  starmapsqatar.com
  ekisilani.com
  extradeepsheets.com
  jam-nins.com
  buranly.com
  orixentertainment.com
  rawtech.energy
  myol.guru
  utex.club
  jiapie.com
  wowig.store
  wweidlyyl.com
  systaskautomation.com
  citromudas3a.com
  plasticstone.icu
  pawchamamapet.com
  beautybybby.com
  mor-n-mor.com
  getoffyourhighhorses.com
  chieucaochoban9.xyz
  grahamevansmp.com
  amplaassessoria.net
  nutricookindia.com
  wazymbex.icu
  joansironing.com
  hallforless.com
  mycourseprofits.com
  precps.com
  cookislandstourismpodcast.com
  bestonlinedealslive.com
  bug.chat
  ptjbtoqonjtrwpvkfgmjvwp.com
  tortniespodzianka.store
  qxkbjgj.icu
  aurashape.com
  guinealive.com
  mondialeresources.com
  offthebreak.site
  maxamproductivity.com
  thebiztip.com
  thelocalrea.com
  laeducacionadistancia.com
  inpakgroup.com


Signatures

  • Formbook

    Description: Formbook is a data-stealing malware family.

  • suricata: ET MALWARE FormBook CnC Checkin (GET)

  • Formbook Payload

  • Adds Run key to start application

    TTPs: Registry Run Keys / Startup Folder; Modify Registry

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tactic columns (headers only; no techniques are listed on the page): Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Privilege Escalation