Overview

overview

10

Static

static

Project Re...df.exe

windows7_x64

10

Project Re...df.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Project Review_pdf.ace

  • Size

    616KB

  • Sample

    210113-lga5gc692x

  • MD5

    b04c0aa206def29aef3cc83017dc57b8

  • SHA1

    93535ae1bb09443b58ec072c39ee93ea56ddecb3

  • SHA256

    8992acb9785fa3b6193a31207cdd573a3295f8ca0b4a2f4cb8ba214a469a0a3c

  • SHA512

    f545b0c873fbe7330a25c0fcef05cd1b420e80885291128ad676f9eceebe51e050c8d916cc8a1f266cfc25fb70cc25c6f08381ddc98de80514d78153d06911fb

Score
10/10
formbookratspywarestealertrojan

Malware Config

Extracted

Family

formbook

C2

http://www.workonlinetimallen.com/dll/

Decoy

nyeconcreations.com

generar-k.com

refugiodelmate.com

elementclubhouse.com

freescorrs.xyz

tonesweettone.com

lojachicco.com

cyberxchange.net

strobelsolutions.com

tipsytravelerbar.com

shesheofnewyork.com

jdallmed.com

woefys.online

naviwatch.net

yuelvzuche.com

thehoneysuppliers.site

smokindeebflavors.com

preventvaccins.com

thepraisehouse.com

lgbtpridedirectory.com

Targets

    • Target

      Project Review_pdf.exe

    • Size

      913KB

    • MD5

      508b7bca5b55eba939827fa59d25195c

    • SHA1

      991fae86b65d9ae32f267d53c05d3b24248bd1ac

    • SHA256

      28aad79081b924ce33128b96953771392acdd3881c2b21db53d1a0f8de83ec5b

    • SHA512

      afbcad2c554c15b272b1ff5b4156f9bf360556d0faab9c4e4760195a8efd86b6942b0f6259df45e14932b812227cbaa74d1adc76f2c5c3765d038cf28d891958

    Score
    10/10
    formbookratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook Payload

      rat

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks