General

  • Target

    bf75ed61e1b1f7b310ec1d999077c4dd.exe

  • Size

    540KB

  • Sample

    201120-mbx5t3nq6e

  • MD5

    bf75ed61e1b1f7b310ec1d999077c4dd

  • SHA1

    cdced77e176e38ff459cdea08941de26861647cd

  • SHA256

    69357684ec8f83d428d2030db5f3d586718207e86457465e7fd37b3b4b7c4db2

  • SHA512

    d2fa7f6e1e41bebedbdba492a163b8388f2326b92d939e9352c32f5be5a311bb75e4374524b2b314b5a426763113935e00f4c81aacc26ed08e9c9dd356dd7510

Malware Config

Extracted

  • Family

    formbook

  • C2

    http://www.teelinkz.com/o56q/

  • Decoy

    wwithagency.com
    globalcarebeds.com
    wholesalefleuerdelis.com
    not-taboo.com
    datacd4u.com
    autowarrantyworld.net
    ussouthernhome.com
    casabreo.com
    cheapsupremetshirtssales.com
    voteforjones2020.com
    alloutdoorspeaker.com
    teenpattiv.com
    pantyhoseadults.com
    crimson.school
    heritagediscovery.info
    summitsolutionsnow.com
    tnicholson.design
    the-trinity-project.com
    californiapropiedades.com
    thrust-board.com

Targets

    • Target

      bf75ed61e1b1f7b310ec1d999077c4dd.exe

    • Size

      540KB

    • MD5

      bf75ed61e1b1f7b310ec1d999077c4dd

    • SHA1

      cdced77e176e38ff459cdea08941de26861647cd

    • SHA256

      69357684ec8f83d428d2030db5f3d586718207e86457465e7fd37b3b4b7c4db2

    • SHA512

      d2fa7f6e1e41bebedbdba492a163b8388f2326b92d939e9352c32f5be5a311bb75e4374524b2b314b5a426763113935e00f4c81aacc26ed08e9c9dd356dd7510

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook Payload

    • Suspicious use of SetThreadContext
