General

  • Target: RFQ January.exe
  • Size: 914KB
  • Sample: 210112-l7cpe6t4j6
  • MD5: 5c06a1860366ed65d2baba0844342b5e
  • SHA1: 0f75372b3010b9c9b70776ec6a0c1db85f6332ed
  • SHA256: c079b62cce0d0718c3b1f26c3f0f359a7df94acf7e75aea710979fe338ea1f4f
  • SHA512: 00f7ae68aee9aa9530ba7b41f8be54cd58cfe4c8c29c88f2ac1afc50fe9e699f4053e13d2d018873d16c1483d2e336d289a78e9b15fb1be593fd5426fb9129f3

Malware Config

Extracted

Family: formbook

C2: http://www.tokomw.com/wt8z/

Decoy:


Targets

    • Target: RFQ January.exe
    • Size: 914KB
    • MD5: 5c06a1860366ed65d2baba0844342b5e
    • SHA1: 0f75372b3010b9c9b70776ec6a0c1db85f6332ed
    • SHA256: c079b62cce0d0718c3b1f26c3f0f359a7df94acf7e75aea710979fe338ea1f4f
    • SHA512: 00f7ae68aee9aa9530ba7b41f8be54cd58cfe4c8c29c88f2ac1afc50fe9e699f4053e13d2d018873d16c1483d2e336d289a78e9b15fb1be593fd5426fb9129f3
    • Formbook: Formbook is a data-stealing malware family.
    • Formbook Payload
    • Deletes itself
    • Suspicious use of SetThreadContext
