Overview

overview

10

Static

static

Quotationv.exe

windows7_x64

10

Quotationv.exe

windows10_x64

10

Resubmissions

14-09-2023 16:50

230914-vccteadd3x 10

10-08-2020 09:13

200810-2b9zl1cdns 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Quotationv.exe

  • Size

    669KB

  • Sample

    200810-2b9zl1cdns

  • MD5

    52cfc15a97799e70a8b4a39b04bc8e2b

  • SHA1

    2cfa4daab21dd8115167a3ccba0080f5fdad63ff

  • SHA256

    f910b739d3d727fc1f5acde88b0740a575c603dc6c61246156c5debd6bd126bc

  • SHA512

    95b7d0c4942703ebfec9d405bfe08efd1f11c2af3b9f65e05bef5afb3440fabcff5e5733de9bec824331d6b22c26e72419e25ca66a6948c07c0c4d4cc98fcdc3

Score
10/10
formbookevasionratspywarestealertrojan

Malware Config

Extracted

Family

formbook

C2

http://www.fex-tracks.com/pdup/

Decoy

mycharlesschwab.com

casinocode.online

lesliemostellerart.com

cdtevergreen.com

jualpenirumasli.com

lvyouonline.com

moteaiai.com

coachmo13.com

lampungtimur.com

sellmycapecodhouse.com

wearschool.com

onlinekazancyollari.com

ubmotherhood.com

sqyxedu.com

sibate518.com

energygv.com

sathsathhain.com

paperghostsbook.com

investinbritain.net

tansuokeji.ink

Targets

    • Target

      Quotationv.exe

    • Size

      669KB

    • MD5

      52cfc15a97799e70a8b4a39b04bc8e2b

    • SHA1

      2cfa4daab21dd8115167a3ccba0080f5fdad63ff

    • SHA256

      f910b739d3d727fc1f5acde88b0740a575c603dc6c61246156c5debd6bd126bc

    • SHA512

      95b7d0c4942703ebfec9d405bfe08efd1f11c2af3b9f65e05bef5afb3440fabcff5e5733de9bec824331d6b22c26e72419e25ca66a6948c07c0c4d4cc98fcdc3

    Score
    10/10
    ratevasiontrojanspywarestealerformbook

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook Payload

      rat

    • Deletes itself

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks