General

  • Target

    4ff22921bc0d07d7566d986e84afc348.exe

  • Size

    1.0MB

  • Sample

    210113-793ydxt25n

  • MD5

    4ff22921bc0d07d7566d986e84afc348

  • SHA1

    77fbc178ba4fdcad7c50fd27be99a42819229295

  • SHA256

    db22f0cb9581f21a73f9221cb57c49b5e4f698021754eaa30fdbde8db72ad333

  • SHA512

    b928e6358b18b64b3595984e9b7bf47e4c6660803dca44b23270eaadacef6183e234f3bbfe180e48a1565c16fced99fac254a9b13d4ea32c8a16f406c7e463fe

Malware Config

Extracted

Family

formbook

C2

http://www.zglvyouzaixian.com/nki/

Decoy

Targets

    • Formbook

      Formbook is a data-stealing malware family (an information stealer).

    • Formbook Payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks