General

  • Target: payment advice002436_pdf.exe
  • Size: 680KB
  • Sample: 210115-64jehlsf3e
  • MD5: 55315ebd192457168fb45e0e2dfd34b9
  • SHA1: 4ef2765a6d996301ba1f071cd8a47c5a8a9e82fe
  • SHA256: d295487f9604941495341ea43a4f21b3beed094c81225ab75e41a0b10541ad9b
  • SHA512: 5dbc71ea1b14d14aceef251499fdfaffd0703dd677f7716741bd82ae7396bbf4b38f50d0a5dc4e0b56a330a62364a0caf015c6762098c4449c4d0c9251abf191

Malware Config

Extracted

  • Family: formbook
  • C2: http://www.aftabzahur.com/wgn/
  • Decoy:
      kokokara-life-blog.com
      faswear.com
      futureleadershiptoday.com
      date4done.xyz
      thecouponinn.com
      bbeycarpetsf.com
      propolisnasalspray.com
      jinjudiamond.com
      goodevectors.com
      nehyam.com
      evalinkapuppets.com
      what-if-statistics.com
      rateofrisk.com
      impacttestonlinne.com
      servis-kaydet.info
      coloniacafe.com
      marcemarketing.com
      aarigging.com
      goddesswitchery.com
      jasqblo.icu

Targets

    • Target: payment advice002436_pdf.exe
    • Size: 680KB
    • MD5: 55315ebd192457168fb45e0e2dfd34b9
    • SHA1: 4ef2765a6d996301ba1f071cd8a47c5a8a9e82fe
    • SHA256: d295487f9604941495341ea43a4f21b3beed094c81225ab75e41a0b10541ad9b
    • SHA512: 5dbc71ea1b14d14aceef251499fdfaffd0703dd677f7716741bd82ae7396bbf4b38f50d0a5dc4e0b56a330a62364a0caf015c6762098c4449c4d0c9251abf191

    • Formbook: Formbook is an information-stealing malware family.
    • Formbook Payload
    • Deletes itself
    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks