General

  • Target

    026b337a051a03e14690154785c25b76.exe

  • Size

    1.0MB

  • Sample

    210113-65hww9cy8a

  • MD5

    026b337a051a03e14690154785c25b76

  • SHA1

    9cedfcf4ef7f1aef400ff9ff39d31e7882757837

  • SHA256

    2570b1f0780a754b70c2ec5525da16952c9634a2da6b21c92693380529daffe2

  • SHA512

    4d32f147ea8e4e6b7c0a7ddfd0bf322029541464d6465e05bf69e483f38a0a807a6cee43ebac9385eebeed4953a2d1293da1bf124123998b054ad8eed7f00ec8

Malware Config

Extracted

  • Family

    formbook

  • C2

    http://www.printmeroyal.com/ndm/

  • Decoy

    gamilashopping.com
    thebodyerotique.com
    vulcan24on-line.com
    nehyam.com
    retrofityapi.com
    sprayld2u.com
    kieronart.com
    vinteebee.com
    temati.club
    drenaz-limfatyczny.com
    zrtopway.com
    acaciagardens-bh.com
    myloudmylarbags.com
    fejseshessete.com
    total-bar.com
    yourmajordomo.com
    newsstarbharat.com
    vongbi.asia
    multipeace.space
    thesmellyheifer.com

Targets

    • Target

      026b337a051a03e14690154785c25b76.exe

    • Size

      1.0MB

    • MD5

      026b337a051a03e14690154785c25b76

    • SHA1

      9cedfcf4ef7f1aef400ff9ff39d31e7882757837

    • SHA256

      2570b1f0780a754b70c2ec5525da16952c9634a2da6b21c92693380529daffe2

    • SHA512

      4d32f147ea8e4e6b7c0a7ddfd0bf322029541464d6465e05bf69e483f38a0a807a6cee43ebac9385eebeed4953a2d1293da1bf124123998b054ad8eed7f00ec8

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook Payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks