General

  • Target: SCAN_20210112_132640143,pdf.exe
  • Size: 842KB
  • Sample: 210112-rw5nn2ykvx
  • MD5: e079c68325f24f2ddd7c677d3d90393c
  • SHA1: 9230905d50e7a13937bb1f076f63f0da962864c1
  • SHA256: be770e407dcedcafe214f75273fbbbd7264c1c7c48dbc6da8764add43296adce
  • SHA512: 022a7f5285d9dfe6222761da6586a39915f2e03a0b494c47abcf32da2fe53dde7c963a089cf13c2dd68bce7fc88a532e8435dd6c319144597e037a2ec8bb019a

Malware Config

Extracted

  • Family: formbook
  • C2: http://www.alterhigh.com/rmck/
  • Decoy:
      • alltechengwork.com
      • shegotit.club
      • transactionshelper.com
      • aarhamworld.com
      • iitiansparth.com
      • beattymortgagepro.com
      • minipipette.com
      • bthefutureclothing.com
      • dressmids.com
      • multitype.one
      • searchtigo.com
      • thewildernessshed.store
      • pizzony.com
      • telescopiostop.com
      • commercialroof.guru
      • afiliatexcatalogo.com
      • hhzthg.com
      • keluojia.com
      • abergele.wales
      • finnexiia.com

Targets

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook Payload

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks