General

  • Target

    urgent specification request.exe

  • Size

    1.0MB

  • Sample

    210113-cepy13kzy2

  • MD5

    72a9c8f82996953e9fa72e5e0b85afca

  • SHA1

    33f74928d66e687c2f981f9219a92d936152cbaf

  • SHA256

    931f6aeff35cea88af521bc2cdca24164113c47ab3153e148e33d5bce66313f4

  • SHA512

    ed85947f1b9f04e1d84646386b635c05dce66f063b3095b9873adbfa5b6c14b7f4bcc385aa14c0a2da4efd772e9278a517f58ff6b31d7f654d325d2efd0fdddd

Malware Config

Extracted

  • Family

    formbook

  • C2

    http://www.timoniks.com/rbg/

  • Decoy


Targets

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook Payload

    • Deletes itself

    • Suspicious use of SetThreadContext
