General

  • Target

    mTF1eRdnr0OV8c4.exe

  • Size

    863KB

  • Sample

    210114-6cjh67n7v2

  • MD5

    109a86a9bff8c2bed48d2538fc38f45a

  • SHA1

    8ecb82a010603806273c4c76d374cf53c622c0ed

  • SHA256

    bae8d59b05bc0896419e973105103ada842908c24340e88e7444b7c640664b83

  • SHA512

    1eef1d45689f8080cc9d8a2ebc19aefabe0e52ac6bf9653522e4116d9eff19047b5032a205fd78867a710f18842e0befe141044f0b1194df9ce84144ce626b0c

Malware Config

Extracted

Family

formbook

C2

http://www.badstar.net/tmz/

Decoy

Targets

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook Payload

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks