General

  • Target

    SHIPPING.EXE

  • Size

    1.3MB

  • Sample

    201204-3magwd5hza

  • MD5

    605cf377bf21b9d80373fa97868cba2f

  • SHA1

    6a1447cf15b15d12fafef025eac7ae6179e76a67

  • SHA256

    e4a37068ee17c112f9d33e3151e260f85e9a8b200b4958caf569cf6076447ea1

  • SHA512

    e199fb4c0d2beff4e58ab4398287f4d2514b5bdf0599cc9ee7e0c346832df97fa3a1f06997bd044a3618099e579f3341e0542fc7530052d0a718a213698c7d4b

Malware Config

Extracted

Family

formbook

C2

http://www.rizrvd.com/bw82/

Decoy

Targets

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook Payload

    • Deletes itself

    • Suspicious use of SetThreadContext
