Payment receipt.pdf.exe

General

Target: Payment receipt.pdf.exe
Size: 821KB
Sample: 211021-nwqfaabahn
Score: 10/10
MD5: b23c8de2a3a56e2fb8bacb085dbd9d19
SHA1: 5957dbee0b2b200110787aac267be09bcecbeda2
SHA256: 027eae741aaf031d2edcdc08920457e4c2e641c33847d67705d791f124b7781e
SHA512: a696b8e4cdbca841f2ecae342d8aa61c9ac9adc0849e69c715f3f3ce7b5195711bf4a22ad8c2add5bf1962d6a6cb18b751abbe73711699bce59199bd09ad2a63

Malware Config

Extracted

Family: formbook
Version: 4.1
Campaign: mo9n
C2: http://www.lievival.info/mo9n/

Decoy domains

  • circuit-town.com
  • stock-high.xyz
  • barlindelivery.com
  • littletoucans.com
  • bright-tailor.com
  • firsthandcares.com
  • ecompropeller.com
  • circuitoalberghiero.net
  • creative-egyptps.com
  • bitracks56.com
  • douhonghong.com
  • fingertipcollection.com
  • happy-bihada.space
  • blockchainairdropreward.com
  • xn--reljame-jwa.com
  • polloycarnesdelivery.com
  • d22.group
  • eslamshahrservice.com
  • vanzing.com
  • juzide.com
  • g5795ky.com
  • ufound1.com
  • cifbit.com
  • shawtopia.com
  • tourmethere.com
  • heritagepedia.com
  • 832391.com
  • voltera.solar
  • greatergods.com
  • shchengtang.com
  • oyakudachibiz.com
  • kentislandeats.com
  • quietaou.com
  • infinitephoenix.club
  • tmrtg.com
  • menes.digital
  • sefappliancerepair.com
  • tnghana.com
  • tanyan.xyz
  • findyourtrailhead.com
  • labizandbryan.com
  • agnesdesigner.net
  • lebai100.com
  • lz-fcaini1718-hw0917-bs.xyz
  • nucleustudio.com
  • smartsparklegal.com
  • streets4suites.com
  • neo-graphite.com
  • maquinariaarenastlaxmexcom.com
  • svartmancoaching.com

Targets

Target: Payment receipt.pdf.exe (size, score and hashes as listed under General above)

Signatures

  • Formbook
    Description: Formbook is an information-stealing malware family.

  • suricata: ET MALWARE FormBook CnC Checkin (GET)
    Description: the Suricata rule "ET MALWARE FormBook CnC Checkin (GET)" matched the sample's network traffic.

  • Formbook Payload

  • Deletes itself

  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix (tactic columns): Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation