General

  • Target

    064ea7267c6a304cbba118aaf852654d.exe

  • Size

    856KB

  • Sample

    201204-9jaer53qp2

  • MD5

    064ea7267c6a304cbba118aaf852654d

  • SHA1

    a77a11bf10e16cfd1eb0f87d97caa6f5d3f5ab02

  • SHA256

    f38659e0b47cf0d1c0a61aa87256fdf60d04b2f41a935995b2346849f2f6b246

  • SHA512

    c8fa75e9afa3e1cf3a183dd3dfe6f6117df01d93dac4def823661dd28b51d8994a2b3e8fad21034d122de6de7eab77bd7e7fd0105c57a464164ce45e917bd3a5

Malware Config

Extracted

Family

formbook

C2

http://www.cna-notary.com/mz59/

Decoy

shop-mommybag.com

mojoshopapp.com

studentsafetysheild.online

raelynnsteffensmeier.com

sourcemedicine.care

boutiquedinka.com

superdopehouseplant.com

royalsnout.com

batching-plants.net

macijanie.com

tempolasvegas.com

lastlaughcomics.net

bestpodstudio.com

mesonbuild.xyz

avtobluz.net

mamentos.info

smartropeofficial.com

space-ghost.com

dgysmedical.com

pellatrap.net
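
The block above is what an analyst usually wants as data rather than text: the one real C2 and the decoy list the sample also beacons to (Formbook contacts the decoys as well, and they are often legitimate or parked sites, so they are worth alerting on but not blocking outright), plus the hashes to confirm that a downloaded binary really is this sample. The following Python is an added example, not code from the sandbox or from the report: it parses a constructed excerpt in the report's own layout, checks a byte string against the listed hashes, and emits Suricata rules with the C2 at high priority and the decoys at low priority. Rule SIDs and the `$HOME_NET`/`$EXTERNAL_NET` variables are assumptions for your deployment.

```python
"""Turn the plain-text Formbook report layout into machine-usable IOCs.
Added example; not part of the sandbox report or of any vendor tooling."""
import hashlib
import re
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Constructed excerpt in the report's layout. Hashes and C2 are copied from
# the report; only three of the decoy domains are included to keep it short.
REPORT = """\
General

  • Target

    064ea7267c6a304cbba118aaf852654d.exe

  • SHA256

    f38659e0b47cf0d1c0a61aa87256fdf60d04b2f41a935995b2346849f2f6b246

Malware Config

Extracted

Family

formbook

C2

http://www.cna-notary.com/mz59/

Decoy

shop-mommybag.com

mojoshopapp.com

studentsafetysheild.online

Targets

    • Formbook Payload
"""

HASH_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}
HEADINGS = {"General", "Malware Config", "Extracted", "Family", "C2", "Decoy",
            "Targets", "MITRE ATT&CK Matrix", "Tasks"}


@dataclass
class Iocs:
    family: str = ""
    c2: list = field(default_factory=list)
    decoys: list = field(default_factory=list)
    hashes: dict = field(default_factory=dict)  # algorithm -> lowercase hex


def parse_report(text: str) -> Iocs:
    """Bullets ("• MD5") carry key/value pairs, bare headings open value
    lists. Hash values are only accepted if length and charset are right."""
    iocs = Iocs()
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    section, i = None, 0
    while i < len(lines):
        line = lines[i]
        if line.startswith("•"):
            key = line.lstrip("•").strip().lower()
            if key in HASH_LEN and i + 1 < len(lines):
                value = lines[i + 1].lower()
                if re.fullmatch(r"[0-9a-f]{%d}" % HASH_LEN[key], value):
                    iocs.hashes[key] = value
                i += 1  # value line consumed
            section = None
        elif line in HEADINGS:
            section = line
        elif section == "Family":
            iocs.family = line.lower()
        elif section == "C2":
            iocs.c2.append(line)
        elif section == "Decoy":
            iocs.decoys.append(line)
        i += 1
    return iocs


def compute_hashes(data: bytes) -> dict:
    return {alg: hashlib.new(alg, data).hexdigest() for alg in HASH_LEN}


def verify_sample(data: bytes, expected: dict) -> dict:
    """Compare every hash the report lists against the bytes you downloaded;
    one mismatch means you are not analysing the reported sample."""
    actual = compute_hashes(data)
    return {alg: actual[alg] == expected[alg].lower() for alg in expected}


def suricata_rules(iocs: Iocs, base_sid: int = 9000000) -> list:
    """HTTP rule per C2 host (priority 1); DNS rule per decoy (priority 3).
    http.host is already lowercase-normalised in Suricata, so no nocase."""
    rules, sid = [], base_sid
    for url in iocs.c2:
        host = urlsplit(url).hostname.lower()
        rules.append(
            f'alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"{iocs.family} C2 {host}"; '
            f'flow:established,to_server; http.host; content:"{host}"; '
            f'classtype:trojan-activity; priority:1; sid:{sid}; rev:1;)')
        sid += 1
    for domain in iocs.decoys:
        rules.append(
            f'alert dns $HOME_NET any -> any any (msg:"{iocs.family} decoy lookup {domain}"; '
            f'dns.query; content:"{domain}"; nocase; '
            f'classtype:trojan-activity; priority:3; sid:{sid}; rev:1;)')
        sid += 1
    return rules


if __name__ == "__main__":
    iocs = parse_report(REPORT)
    print(verify_sample(b"not the sample", iocs.hashes))
    print("\n".join(suricata_rules(iocs)))
```

Feed the full report text to `parse_report` to get all twenty decoys; a host that resolves several of them in quick succession is a stronger Formbook indicator than any single decoy lookup, which is why the decoy rules are kept at low priority rather than dropped.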

Targets

    • Target

      064ea7267c6a304cbba118aaf852654d.exe

    • Formbook

      Formbook is an information stealer sold as malware-as-a-service. Once injected into a legitimate process it logs keystrokes, grabs clipboard contents and browser form submissions, harvests saved credentials from browsers and e-mail clients, can take screenshots, and exfiltrates the data over HTTP to its C2, from which it also accepts commands such as downloading and running further payloads.

    • Formbook Payload

    • Suspicious use of SetThreadContext (thread context hijacking, as used for process hollowing: the payload is written into a newly spawned process and its main thread's entry point is redirected to it)
