General

  • Target

    anthon.exe

  • Size

    337KB

  • Sample

    201126-hegkcn6k5n

  • MD5

    ea85c89530ed6f12fd8b75451f37afd5

  • SHA1

    9ad88734ca8e7c7e0f09b89f244ca7f4a1f606a6

  • SHA256

    29f75d4db1b85197038c1ed08661ef0a72158ac895e6aac76526bab07d83c318

  • SHA512

    f89c1b3123f77616ee692cb0da7c35b1c095b2917015fa5e38140e1f6755e1937acab3e1269ce414e0c677446df5aa2dd923bf5e238d390c936dffac6311952b

Malware Config

Extracted

Family

formbook

C2

http://www.wellnesspharma.net/94sb/

Decoy

Targets

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook Payload

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
