General

  • Target

    M.V. CHIANG TUN_pdf.exe

  • Size

    852KB

  • Sample

    210112-tzswzl39x2

  • MD5

    e16fc6dd80b2adb86bfdcd9f4fe6a787

  • SHA1

    ccc534305f283b657c7ac9ddcbdbc321da08f95f

  • SHA256

    f8a388fc032aa7fdf80ed5bad850e3429ee27614bd6152efaa090fc77ad3bc6a

  • SHA512

    f913c2810853d0a76c9661f5ed51673a1c1602c8f6b1cfc4c06d9e0c4cc7a002efd6bd2c0189fe4ead15f1cc42181059bbc8cafabc08c7c6817b56e6ab26081e

Malware Config

Extracted

Family

formbook

C2

http://www.huynhanhdung.com/kna/

Decoy

Targets

    • Target

      M.V. CHIANG TUN_pdf.exe

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook Payload

    • Deletes itself

    • Suspicious use of SetThreadContext
