General

  • Target

    c8a424ac6d2d705431df352aa2b42165.exe

  • Size

    862KB

  • Sample

    201204-wtc9ecykys

  • MD5

    c8a424ac6d2d705431df352aa2b42165

  • SHA1

    278c7e7c1d8d88be0104c3f95597d282f2ca236a

  • SHA256

    9a176cf24fa09ec01bb6e51507849fa8aad355bb25eba73ce43f63579997633a

  • SHA512

    e11ed5680784ba2c491682dd9287be66b01a602b8deea84db20b6032426ccdd6b1e08ef134cd3853f5dc65ff998f44b499f85859ab0ee3ee4b1c279e19678c1d

Malware Config

Extracted

Family

formbook

C2

http://www.absbeautytechgeeks.com/coz3/

Decoy

penrosecondos-official.com

kapkwata.com

snhdt.net

ludibeauty.com

lightcarcompany.com

midwestsupplyus.net

ourvideoindalastexas.com

jemadvee.com

policedeptgrants.com

piiiz.com

cristaopraticante.com

rewa-service.com

marijuanachoices.com

bienvenuelesnouveaux.com

contactmanagementsystems.com

besteggcreditcard.com

mypetwellnessstore.com

systemstogrowbusiness.com

4winner.xyz

eitalasqueira.com
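The extracted config above is what a responder turns into hunt indicators. The following is an added example, not part of the sandbox report: it parses the C2 URL and the decoy list into host and path indicators and runs them over a constructed proxy log. Formbook beacons to its decoy domains with the same URI path it uses for the real C2, so the example matches on the path as well as on the host and reports path-only hits at lower confidence. The log format, the client addresses and the hosts in the sample log that are not on the page are invented for the demonstration.

```python
"""Turn the extracted Formbook config into hunt indicators and run them
over a constructed proxy log. Added example; not part of the report."""
from urllib.parse import urlsplit

# Indicators exactly as shown in the report's "Malware Config" section.
C2_URL = "http://www.absbeautytechgeeks.com/coz3/"
DECOY_DOMAINS = [
    "penrosecondos-official.com", "kapkwata.com", "snhdt.net", "ludibeauty.com",
    "lightcarcompany.com", "midwestsupplyus.net", "ourvideoindalastexas.com",
    "jemadvee.com", "policedeptgrants.com", "piiiz.com", "cristaopraticante.com",
    "rewa-service.com", "marijuanachoices.com", "bienvenuelesnouveaux.com",
    "contactmanagementsystems.com", "besteggcreditcard.com",
    "mypetwellnessstore.com", "systemstogrowbusiness.com", "4winner.xyz",
    "eitalasqueira.com",
]

# Constructed proxy log (not from the report): "timestamp client method host path".
SAMPLE_LOG = """\
2020-12-04T10:01:02Z 10.0.0.5 GET www.absbeautytechgeeks.com /coz3/?id=1
2020-12-04T10:01:05Z 10.0.0.5 GET penrosecondos-official.com /coz3/?id=2
2020-12-04T10:01:07Z 10.0.0.5 GET example.com /index.html
2020-12-04T10:01:09Z 10.0.0.7 POST some-other-host.test /coz3/
"""


def norm_host(host):
    """Lower-case, drop a trailing dot and a leading 'www.' so config and log hosts compare."""
    h = host.lower().rstrip(".")
    return h[4:] if h.startswith("www.") else h


def build_indicators(c2_url=C2_URL, decoys=DECOY_DOMAINS):
    """Split the C2 URL into host and path and normalise the decoy set."""
    parts = urlsplit(c2_url)
    return {
        "c2_host": norm_host(parts.hostname),
        "path": parts.path,                      # "/coz3/" for this sample
        "decoy_hosts": {norm_host(d) for d in decoys},
    }


def classify(host, path, ind):
    """Return a verdict for one request, or None if it matches nothing."""
    h = norm_host(host)
    on_path = path.startswith(ind["path"])
    if h == ind["c2_host"] and on_path:
        return "c2"
    if h in ind["decoy_hosts"] and on_path:
        return "decoy-beacon"          # same beacon shape, decoy destination
    if on_path:
        return "path-only"             # lower confidence: path seen on an unknown host
    return None


def hunt(log_text, ind=None):
    """Run the indicators over a log and return (client, host, verdict) hits."""
    if ind is None:
        ind = build_indicators()
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _ts, client, _method, host, path = line.split()
        verdict = classify(host, path, ind)
        if verdict:
            hits.append((client, norm_host(host), verdict))
    return hits


if __name__ == "__main__":
    for hit in hunt(SAMPLE_LOG):
        print(hit)
```

A decoy-beacon hit from a host is as strong a sign of infection as a hit on the real C2, because only the malware knows the path; a path-only hit on a host outside the config warrants a look but may be a new rotation of the same campaign or a coincidence.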

Targets

    • Target

      c8a424ac6d2d705431df352aa2b42165.exe

    • Size

      862KB

    • MD5

      c8a424ac6d2d705431df352aa2b42165

    • SHA1

      278c7e7c1d8d88be0104c3f95597d282f2ca236a

    • SHA256

      9a176cf24fa09ec01bb6e51507849fa8aad355bb25eba73ce43f63579997633a

    • SHA512

      e11ed5680784ba2c491682dd9287be66b01a602b8deea84db20b6032426ccdd6b1e08ef134cd3853f5dc65ff998f44b499f85859ab0ee3ee4b1c279e19678c1d

    • Formbook

      Formbook is an information stealer: it logs keystrokes, grabs data submitted in web forms, and harvests credentials from browsers and mail clients, and it can fetch and run further payloads from its C2.

    • Formbook Payload

      The sample carries a Formbook payload, and the config above was extracted from it.

    • Suspicious use of SetThreadContext

      The sample calls SetThreadContext, an API commonly used to redirect execution of a suspended thread in another process (process hollowing and thread hijacking); this is consistent with Formbook injecting itself into a legitimate host process.
