Overview

overview

10

Static

static

20210111140930669.exe

windows7_x64

10

20210111140930669.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    20210111140930669.exe

  • Size

    868KB

  • Sample

    210111-zgpmd8mhlx

  • MD5

    55a9f49ac7b18c445a01aa766954a68d

  • SHA1

    73ebd37572a79adec31ceefda6bfec90a9f70f3a

  • SHA256

    1b6a34ba043c45cfc63367a5a35d3c58b074d723c666d018b3c4c0d950e42b40

  • SHA512

    50d1c160637c22e51432ac86e38f3e9e941069859ea02d62df505cb7e7190ba8282b0462520c0879798e1f3509283d2e13b5f3ef61bfe8a8699a18fc0cb482ef

Score
10/10
formbookratspywarestealertrojan

Malware Config

Extracted

Family

formbook

C2

http://www.midnightblueinc.com/2kf/

Decoy

edmondscakes.com

doublewldr.online

tickets2usa.com

heyhxry.com

weightloss-gulfport.com

prosselius.com

newviewroofers.com

jacksonarearealestate.com

catparkas.xyz

pagos2020.com

sonwsefjrahi.online

franchisethings.com

nuocvietngaynay.com

sohelvai.com

mikeyroush.com

lamesaroofing.com

betbigo138.com

amazon-service-recovery.com

clockin.net

riostrader.com

Targets

    • Target

      20210111140930669.exe

    • Size

      868KB

    • MD5

      55a9f49ac7b18c445a01aa766954a68d

    • SHA1

      73ebd37572a79adec31ceefda6bfec90a9f70f3a

    • SHA256

      1b6a34ba043c45cfc63367a5a35d3c58b074d723c666d018b3c4c0d950e42b40

    • SHA512

      50d1c160637c22e51432ac86e38f3e9e941069859ea02d62df505cb7e7190ba8282b0462520c0879798e1f3509283d2e13b5f3ef61bfe8a8699a18fc0cb482ef

    Score
    10/10
    formbookratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook Payload

      rat

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks