Overview

overview

10

Static

static

SKM_C36821...20.exe

windows7_x64

10

SKM_C36821...20.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SKM_C36821010708320.exe

  • Size

    766KB

  • Sample

    210113-v4y6f614g6

  • MD5

    15d8096422d137c7388908bb2be61ec4

  • SHA1

    e67d261ef38eb251fb97a466d83c95e75d286ebe

  • SHA256

    fae57c2f185899220dff608004ab571822fc14cc02aa7e30b1cd5db7be4beea8

  • SHA512

    83d38e2e5540d1a2790f834e62bd1cc6978eae92c6d70ca875b72e0d33852473b68b36b99c4fe05e3c100283dee6353e45f907eecbb9369d730c17c5c20bb1f5

Score
10/10
formbookratspywarestealertrojan

Malware Config

Extracted

Family

formbook

C2

http://www.ameeraglow.com/6bu2/

Decoy

shuttergame.com

beyondregions.com

cuttingedgetinting.com

riveraspanishfoods.com

jfksn.com

rtplay2020.com

idahofallsobituaries.com

qf432.com

magandaconfections.com

suremlak.com

tuproductividadpersonal.com

ziswmyxaw.icu

howtolovemybody.com

signpartnerpro.com

conservative-forward.com

bhscsh.com

todowine.com

garrettthermaldetector.com

bunbook.com

ehealthla.com

Targets

    • Target

      SKM_C36821010708320.exe

    • Size

      766KB

    • MD5

      15d8096422d137c7388908bb2be61ec4

    • SHA1

      e67d261ef38eb251fb97a466d83c95e75d286ebe

    • SHA256

      fae57c2f185899220dff608004ab571822fc14cc02aa7e30b1cd5db7be4beea8

    • SHA512

      83d38e2e5540d1a2790f834e62bd1cc6978eae92c6d70ca875b72e0d33852473b68b36b99c4fe05e3c100283dee6353e45f907eecbb9369d730c17c5c20bb1f5

    Score
    10/10
    formbookratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook Payload

      rat

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks