General

  • Target

    13012021.exe

  • Size

    1.0MB

  • Sample

    210113-3bj9546pxa

  • MD5

    2178794f0f12d01f85d909a5131e12c8

  • SHA1

    f39ae8144d690f439d5eda69c74bfe6ed9de4513

  • SHA256

    2449800b54909498a549817cc5bd9b8fc610a0d7ef6fd2bfda0d370783da8d32

  • SHA512

    c4226dbc8935e464fa052c8457951375fdef3a50ead3d6207ba9906211c0876d3ae573698dc39919bc5027fa08233e79159edf2706ac9bc2e6b376b3f2c9e3b4

Malware Config

Extracted

Family

formbook

C2

http://www.timoniks.com/rbg/

Decoy


Targets

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook Payload

    • Deletes itself

    • Suspicious use of SetThreadContext
