General

  • Target

    exhibition-template236-2021 Rfq.exe

  • Size

    1.0MB

  • Sample

    210114-f4xdts5qqs

  • MD5

    d09798497a9ef1607165c7de07fb9c3d

  • SHA1

    b13ccb6ead3147d51d7d34cb3d2c92a660df07d3

  • SHA256

    851353adb58e4070df07037da80543a4d67d6eceee20659fe9c5cb5ef4c1a344

  • SHA512

    2cc20f233391ddfe71676aeb2fcc49396c5250af3436b054a23a93f490169a7137d93cd3cbba16d8b83c8f5f8a9e937f5442a7535bb63fa92b0a28b99f553c9a

Malware Config

Extracted

Family

formbook

C2

http://www.styrelseforum.com/p95n/

Decoy

kimberlyrutledge.com

auctus.agency

johnemotions.com

guilt-brilliant.com

wxshangdian.com

theolivetreeonline.com

stellarfranchisebrands.com

every1no1.com

hoangthanhgroup.com

psm-gen.com

kingdomwow.com

digitalksr.com

karynpolitoforlg.com

youthdaycalgary.com

libertyhandymanservicesllc.com

breatheohio.com

allenleather.com

transformafter50.info

hnhsylsb.com

hmtradebd.com

Targets

    • Target

      exhibition-template236-2021 Rfq.exe

    • Size

      1.0MB

    • MD5

      d09798497a9ef1607165c7de07fb9c3d

    • SHA1

      b13ccb6ead3147d51d7d34cb3d2c92a660df07d3

    • SHA256

      851353adb58e4070df07037da80543a4d67d6eceee20659fe9c5cb5ef4c1a344

    • SHA512

      2cc20f233391ddfe71676aeb2fcc49396c5250af3436b054a23a93f490169a7137d93cd3cbba16d8b83c8f5f8a9e937f5442a7535bb63fa92b0a28b99f553c9a

    • Formbook

      Formbook is an information stealer: it harvests credentials and submitted form data from browsers and other applications, logs keystrokes and clipboard contents, and exfiltrates them over HTTP to its C2. The decoy domains in the extracted config are contacted alongside the real C2 to mask which one is live.

    • Formbook Payload

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks