Overview

overview

10

Static

static

6b0128e753...5e.exe

windows7_x64

10

6b0128e753...5e.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6b0128e753b4c8eb55a0726dbdbbf35e.exe

  • Size

    1.0MB

  • Sample

    210113-h2xpcmfwdx

  • MD5

    6b0128e753b4c8eb55a0726dbdbbf35e

  • SHA1

    12ab2a6cb7c26acad4ba209bafdb6fd2ff33523b

  • SHA256

    0ae22d4877231b64b2e9e1252bbe8636ea43fe5692ca899733e715ccfc82e224

  • SHA512

    152e90baebb510c397a7625ec9295ea806d4c233b00df8a938c9f62ea5966f88873b26558cb03131ba992ce7713704b2f2aeb90394bf46355eb6f16d119932f7

Score
10/10
formbookratspywarestealertrojan

Malware Config

Extracted

Family

formbook

C2

http://www.zglvyouzaixian.com/nki/

Decoy

igo-digiworld.com

infrahiit.com

herhealingwater.com

inspiredbytradition.com

onlinepropertyworld.com

rvwdj.com

mudahbikinsuhi.online

multipleofferonline.com

striveyouthministry.com

affectiveneuro.net

f21m.com

perfumefashion.icu

instantcash4rvs.com

help-verifiedbadge.com

solomonislandsblog.com

vipshoppingwizard.com

doggybargains.com

fjyaoxi.net

luxpropertyandassociates.com

companyfinders.com

Targets

    • Target

      6b0128e753b4c8eb55a0726dbdbbf35e.exe

    • Size

      1.0MB

    • MD5

      6b0128e753b4c8eb55a0726dbdbbf35e

    • SHA1

      12ab2a6cb7c26acad4ba209bafdb6fd2ff33523b

    • SHA256

      0ae22d4877231b64b2e9e1252bbe8636ea43fe5692ca899733e715ccfc82e224

    • SHA512

      152e90baebb510c397a7625ec9295ea806d4c233b00df8a938c9f62ea5966f88873b26558cb03131ba992ce7713704b2f2aeb90394bf46355eb6f16d119932f7

    Score
    10/10
    formbookratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook Payload

      rat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks