mpomzx.exe

General

Target: mpomzx.exe
Size: 309KB
Sample: 211125-vaxe2afggq
Score: 10/10
MD5: 586f7a1895ea47a462b1d5f6a43fcd33
SHA1: c41cd420af421d31faede9294af1a2edc638d543
SHA256: 1358d88e078f1c59b546256968179bf213928f1e6f4e7afa255681b2cd8f92a2
SHA512: 2783c07faa3bba31c1a8bdc83ce338ea43ccb044f0af5adf2ede8b8f4534b86536f069b35fad8d6ed4413cc86fac0121632e9db39de919275403547ebff1a130

Malware Config

Extracted

Family: formbook
Version: 4.1
Campaign: vngb
C2: http://www.gvlc0.club/vngb/

Decoy


Targets

Signatures

  • Formbook

    Description: Formbook is a data-stealing malware family (an information stealer).

  • suricata: ET MALWARE FormBook CnC Checkin (GET)

  • Formbook Payload

  • Deletes itself

  • Loads dropped DLL

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tactic columns: Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

static1: score 1/10