General

  • Target: Paid Invoices_pdf.exe
  • Size: 738KB
  • Sample: 210115-729jdg9sje
  • MD5: 0326b2ad0ec402ad9421d6dbb1d4b93e
  • SHA1: f52d2a7b483499334ce084671b874ee3ad921511
  • SHA256: 7a0468a1843e1d6b3e6ad5bdb9f3e1ad2131349fbaf0ac9737f212bca59ce783
  • SHA512: fee6512b00c39a93f5aeb88d9fa6ccd96c2d8bdf6d1bfb53924e5dc002e2b450dd9028dcd9633ae0aa58bab036834d70ae74f1913009e8e092fe0ef02474a159

Malware Config

Extracted

  • Family: formbook
  • C2: http://www.transparentpetcrate.com/lnb/

Decoy


Targets


    • Formbook

      Formbook is a data-stealing malware family (an information stealer).

    • Formbook Payload

    • Deletes itself

    • Suspicious use of SetThreadContext
