Overview

overview

10

Static

static

PO-000202112.exe

windows7_x64

10

PO-000202112.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    PO-000202112.exe

  • Size

    1.0MB

  • Sample

    210113-qpr2ssfnns

  • MD5

    673900f8da4aa24a77f61417d0273d85

  • SHA1

    0d04e357ccb332b63b1a8d9d4e9f6b889c2f0b77

  • SHA256

    c3a69db8642855e1dfcbcb213f7f050c5fb2d86744183b13483411f97009c2a0

  • SHA512

    63c30b550f314620cdc961eb1dcb0c91e8f9b702aa722f34b0c81c308ac5f44ab9818bd12fb8e13aabc6ed3bab16b6df90b1727aed976fcf86ee4a0422adfde6

Score
10/10
formbookratspywarestealertrojan

Malware Config

Extracted

Family

formbook

C2

http://www.culturespk.com/kbl/

Decoy

flamesapp.com

ravenridgehoa.com

epraggma.com

stupidbooks.com

jointhesadls.com

estavisaapplication.com

12minhomebusiness.com

wwddww.com

stratusdetroitmail.com

storevanguard.com

cadeaux-et-gadgets.com

vbnfnleoba.club

ilikecircles.com

inspirednycharm.com

baizhongcai.com

medinius.info

call0815.com

vastu618.com

beautyshopin.com

looksplanet.com

Targets

    • Target

      PO-000202112.exe

    • Size

      1.0MB

    • MD5

      673900f8da4aa24a77f61417d0273d85

    • SHA1

      0d04e357ccb332b63b1a8d9d4e9f6b889c2f0b77

    • SHA256

      c3a69db8642855e1dfcbcb213f7f050c5fb2d86744183b13483411f97009c2a0

    • SHA512

      63c30b550f314620cdc961eb1dcb0c91e8f9b702aa722f34b0c81c308ac5f44ab9818bd12fb8e13aabc6ed3bab16b6df90b1727aed976fcf86ee4a0422adfde6

    Score
    10/10
    formbookratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook Payload

      rat

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks