General

  • Target: INVOICE_#24.exe
  • Size: 396KB
  • Sample: 201109-2cpk5pdgsx
  • MD5: 15fc2ccb48e28c2001728c3b92022e3b
  • SHA1: 4745737dde241e42470a73303778e2ba37a6e761
  • SHA256: 20b27c73d6c337c95759c21e02e1e795fb7f07413e46f053e6e728c5de342dd9
  • SHA512: e8d8d642ea33c26a6b54346a3819803fa6be37188a9fb25c33a96ff7696af5fb1c77f2de0e4bc4f26255c301b7324ea80a60c7b06e35c372a02845a306656d1b

Malware Config

Extracted

  • Family: formbook
  • C2: http://www.govaj.com/bd2/
  • Decoy domains:
      coffeeflyer.com
      joy-cars.com
      excp0st.com
      pancakesandprotein.com
      teenboys.info
      theperfectgiftshop.net
      maomao2017.com
      musiclabtacoma.com
      taskrit.com
      pthjxx.com
      114man.com
      worldsjsj.com
      rjpmuztrygwn.online
      casinotoponlineplay.technology
      tm88z.com
      navnoorkang.com
      lazydogkennels.net
      yisilv.com
      usasubels.com
      desperatehouse-lives.com

Targets

    • Target: INVOICE_#24.exe
    • Size: 396KB
    • MD5: 15fc2ccb48e28c2001728c3b92022e3b
    • SHA1: 4745737dde241e42470a73303778e2ba37a6e761
    • SHA256: 20b27c73d6c337c95759c21e02e1e795fb7f07413e46f053e6e728c5de342dd9
    • SHA512: e8d8d642ea33c26a6b54346a3819803fa6be37188a9fb25c33a96ff7696af5fb1c77f2de0e4bc4f26255c301b7324ea80a60c7b06e35c372a02845a306656d1b
    • Formbook: Formbook is an information-stealing malware family.
    • Formbook Payload
    • Deletes itself
    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks