General

  • Target

    Duty checklist and PTP letter.exe

  • Size

    947KB

  • Sample

    210112-jfcj8cnc1s

  • MD5

    0a60258ac45444b45714c4f4d5b3a56a

  • SHA1

    d24967d3f5f2e7fd1966525fe47ffbf26f5df23f

  • SHA256

    f8efa3021228dad9812ac764085f791117265d9859bfb5ed21e07f04f1cb0b5f

  • SHA512

    a5046ea57587541d069bf5d4dfdae272f080b63bf00895d2601901d43285e48686d71eee2b983c2d19c8ec7d0725780874f175e4bf03898a2dcc028b3b199615

Malware Config

Extracted

Family

formbook

C2

http://www.deejayatl.com/khm/

Decoy


Targets


    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook Payload

    • Suspicious use of SetThreadContext
