ThreatFox IOC Database

You are viewing the ThreatFox database entry for url http://www.boygirlthing.com/by65/.

Database Entry


IOC ID: 221834
IOC: http://www.boygirlthing.com/by65/
IOC Type: url
Threat Type: botnet_cc
Malware: Formbook
Malware alias: win.xloader
Confidence Level: Confidence level is high (100%)
First seen: 2021-09-14 16:37:47 UTC
Last seen: never
UUID: 1847f80a-157a-11ec-830d-42010aa4000a
Reporter: @AndreGironda
Reward: 5 credits from ThreatFox
Tags: Formbook
Reference: https://tria.ge/210914-qkwt2afgd7

Twitter
@AndreGironda
MITRE T1566.001
Date: 14 Sep 2021 14:20:11 +0200
Received: from mail0.cyborgit.net (206.189.85.44)
From: Eva Hielle Askerfelt <info@cyborgit.net>
Subject: Re: New Order of CB-15GL/ PO530
Message-ID: <20210914142011.76FC87BF7655E4DA@cyborgit.net>
Attachment Name: PO530CB.docx
Attachment SHA256: 7d112a9306ba2121e14956533476d52466a26a08300651d51ddeed035d9c8451
Workbook Stage URL: hXXp://198[.]46.199.161/fab/f[.]wbk
Executable Stage URL: hXXp://198[.]46.199.161/fab/vbc[.]exe
Stage Name: vbc.exe
Stage SHA256: b9e689a5747c9de079c7987ba2d9f215c0cd507d44ee33c45815184e62fc46cb
Unpacked Stage: 5ef8c5b489f54b9719e7bbfbd09b3c7c9134a3be8aec47fbb555dd894a696cd9