664920ea617d6c5f15c228b7374aa15f

General
Target

664920ea617d6c5f15c228b7374aa15f

Size

482KB

Sample

211021-yh4e4abfbj

Score
10 /10
MD5

664920ea617d6c5f15c228b7374aa15f

SHA1

3cdf04f5f2d732f0a199151ff35af27a4cce12aa

SHA256

65acd8c73c518c97a1539bc8e3f62fb8f06431d7030c6cc1463c855aec0ec46f

SHA512

ba40b25f6f45b32001929a7da37b512a8d642e0b45ca19ff0dc2edadf82982b84f8b9a51c9781c30226ec6c05cb12bb50ef252f227cf8d790d390a26400c5462

Malware Config

Extracted

Family formbook
Version 4.1
Campaign s18y
C2

http://www.agentpathleurre.space/s18y/

Decoy

Targets

Tags

Signatures

  • Formbook

    Description

    Formbook is a data-stealing malware family.

  • Formbook Payload

  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix

Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation

Tasks

static1