General

  • Target: payment advice00000789_pdf.exe
  • Size: 866KB
  • Sample: 210112-hs5jccmade
  • MD5: a08fc6065952b6625893e48a8bc72106
  • SHA1: 7b4baec718caa9c5a3aa7cbe1d85121af68f810b
  • SHA256: c3d490568e73f61c86d2d4c01e170bdcf3c0d3eb5e309ff3d3fb808a4a867a54
  • SHA512: 2edcf7922cdd41d2b30ef3abb734a79a21ace178f8ea100067077be7ff5aca470e2000f869b839aca27b86ea4da9bdefcbc408de19e4e461a082fe5c7c916974

Malware Config

Extracted

  • Family: formbook
  • C2: http://www.aftabzahur.com/wgn/
  • Decoy domains:
      kokokara-life-blog.com
      faswear.com
      futureleadershiptoday.com
      date4done.xyz
      thecouponinn.com
      bbeycarpetsf.com
      propolisnasalspray.com
      jinjudiamond.com
      goodevectors.com
      nehyam.com
      evalinkapuppets.com
      what-if-statistics.com
      rateofrisk.com
      impacttestonlinne.com
      servis-kaydet.info
      coloniacafe.com
      marcemarketing.com
      aarigging.com
      goddesswitchery.com
      jasqblo.icu

Targets

    • Formbook: Formbook is information-stealing malware.
    • Formbook Payload
    • Deletes itself
    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks