General

  • Target

    Shipping INVOICE-BL Shipment..exe

  • Size

    427KB

  • Sample

    201126-3dcqmwfr4n

  • MD5

    579ba39b6a146080ef6481591440e445

  • SHA1

    06bfc3b47e1ad6a35e10cb4a1edee6c563710107

  • SHA256

    d8d9bb65ea3637fda09488baada0c9b387e0619b7c430b93c8a0fa2d8b489bc1

  • SHA512

    bc2c920da35971ea6a6dfa8fc4f49829d6ba1eeae9589207b1f77a6e5f66d66dcb87396aadce266a61652f6fdfbe40503b9183af5f5ce26fa6cc9218df1597b9

Malware Config

Extracted

Family

formbook

C2

http://www.jddq888.com/mqgf/

Decoy

decart.pro

qbluebaylivewd.com

idsbizb.icu

kepamieszczanska.com

greenislandcbg.com

usloader.site

auchandirect.sucks

relacionesdehechizo.com

slabrshop.com

cycheal.com

mycoaiko.com

prettythingsbyjessi.com

gettingthehelloutofca.com

reseachminister.com

techwomenlife.com

perfectfeelin.com

ez-mouse.com

thelonerangernews.com

hvcharging.com

caelaabadie.com
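
The config above follows the usual Formbook layout: one real C2 URL plus a list of decoy domains that the sample also beacons to, so that the true server is harder to pick out of network traffic. The script below is an added example for this report (not sandbox tooling and not part of the sample). It takes the C2 URL and decoy list exactly as extracted, then walks a handful of constructed proxy-log lines (not captured traffic; the format `timestamp src_ip method url status` is assumed) and separates real C2 contacts, which require both the C2 host and the `/mqgf/` path, from decoy contacts, which only prove the infection.

```python
"""Triage the extracted Formbook config against proxy-log lines.

Added example for this report; not tooling from the sandbox or from the malware.
C2_URL and DECOYS are copied from the Malware Config section. LOG is
constructed for the example and is not captured traffic.
"""
from urllib.parse import urlsplit

# Extracted config (values from the report).
C2_URL = "http://www.jddq888.com/mqgf/"
DECOYS = [
    "decart.pro", "qbluebaylivewd.com", "idsbizb.icu", "kepamieszczanska.com",
    "greenislandcbg.com", "usloader.site", "auchandirect.sucks",
    "relacionesdehechizo.com", "slabrshop.com", "cycheal.com", "mycoaiko.com",
    "prettythingsbyjessi.com", "gettingthehelloutofca.com",
    "reseachminister.com", "techwomenlife.com", "perfectfeelin.com",
    "ez-mouse.com", "thelonerangernews.com", "hvcharging.com", "caelaabadie.com",
]

# Constructed log lines (assumed format: ts src_ip method url status).
LOG = """\
1606378801 10.0.0.12 GET http://www.jddq888.com/mqgf/?aB=ZXhhbXBsZQ==&cd=12345 200
1606378802 10.0.0.12 GET http://www.greenislandcbg.com/mqgf/?aB=ZXhhbXBsZQ== 404
1606378803 10.0.0.12 POST http://www.jddq888.com/mqgf/ 200
1606378804 10.0.0.12 GET http://update.example.org/manifest.json 200
1606378805 10.0.0.12 GET http://decart.pro/ 200
"""


def strip_www(host: str) -> str:
    """Normalise a hostname: lower-case, drop trailing dot and a leading www."""
    h = host.lower().rstrip(".")
    return h[4:] if h.startswith("www.") else h


_c2 = urlsplit(C2_URL)
C2_HOST = strip_www(_c2.hostname)   # "jddq888.com"
C2_PATH = _c2.path                  # "/mqgf/"
DECOY_SET = {strip_www(d) for d in DECOYS}


def classify(host: str, path: str) -> str:
    """Classify one request as 'c2', 'c2-host', 'decoy' or 'benign'.

    Only the real C2 host combined with the config's URI path is a C2 hit.
    A request to the C2 host on another path is flagged separately, and a
    decoy-domain contact is evidence of the infection but not of the channel.
    """
    h = strip_www(host)
    if h == C2_HOST:
        return "c2" if path.startswith(C2_PATH) else "c2-host"
    if h in DECOY_SET:
        return "decoy"
    return "benign"


def parse_line(line: str) -> dict:
    """Split one log line into its fields (assumed five-column format)."""
    ts, src, method, url, status = line.split()
    u = urlsplit(url)
    return {"ts": int(ts), "src": src, "method": method,
            "host": u.hostname or "", "path": u.path, "status": status}


def triage(log_text: str) -> list:
    """Return (src_ip, verdict, method, host) for every non-benign request."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        verdict = classify(rec["host"], rec["path"])
        if verdict != "benign":
            hits.append((rec["src"], verdict, rec["method"], rec["host"]))
    return hits


def infected_hosts(hits: list) -> dict:
    """Map each source IP to the set of verdicts seen for it."""
    by_src = {}
    for src, verdict, _method, _host in hits:
        by_src.setdefault(src, set()).add(verdict)
    return by_src


if __name__ == "__main__":
    found = triage(LOG)
    for src, verdict, method, host in found:
        print(f"{src:12} {verdict:8} {method:5} {host}")
    for src, verdicts in infected_hosts(found).items():
        print(f"{src}: {'C2 channel confirmed' if 'c2' in verdicts else 'decoy traffic only'}")
```

Two things worth keeping in mind when you turn this into a real detection: match the path as well as the host, because the decoy hosts may receive the same request shape as the real C2, and do not block only the real C2, since the decoy beacons are themselves a reliable sign of an infected endpoint.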

Targets

    • Target

      Shipping INVOICE-BL Shipment..exe

    • Formbook

      Formbook is an information stealer sold as malware-as-a-service. It injects into a legitimate process, hooks browser and application APIs to capture submitted form data, credentials, keystrokes and clipboard contents, and sends the stolen data to its C2 URL. The decoy domains in the extracted config are contacted alongside the real C2 to make the true server harder to identify in network traffic.

    • Formbook Payload

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
