General

  • Target

    15012021.exe

  • Size

    901KB

  • Sample

    210115-byypds57la

  • MD5

    250975865bf0cc75d7b05c3a8e9fcbe2

  • SHA1

    3e2cf4300dd07a2662f552b18438895e75486d9a

  • SHA256

    e10a18344876f44eea40708f80322df6ec17eea4fec0b7de74c97aab23421600

  • SHA512

    9bbdb7ad1d4e8abbb195114e2771532e98fda18762a96e55cbdf7cf25337c82e780492f54f59f6c9fe475871c43abab6be4a73e7aeb78025dc00bb1986654136

Malware Config

Extracted

Family

formbook

C2

http://www.timoniks.com/rbg/

Decoy

fingermode.com

parkplace.finance

hollandgreen2020.com

starbets.site

vehiculesfrigorifiques.com

sydiifinancial.com

rpivuenation.com

freesubdirectory.com

independencepartynyc.com

dogruparti.info

independencecountyclub.com

midnightlashesbykim.com

digitalsept.com

whatilikeabouttoday.com

marktplaatsaccount.info

13400667334.com

xinwei-ge.com

login-appleid.info

momashands.com

kennyxpress.com
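The extracted configuration above only becomes useful once it is turned into indicators an analyst can hunt with. The following Python is an added example, not part of the sandbox report or of any Formbook tooling: it parses the Family / C2 / Decoy block exactly as printed above, sanity-checks the report's hashes for transcription errors (length and hex character set) before they go into a blocklist, and classifies proxy-log lines against the indicators. A hit on the C2 host together with the /rbg/ URI path is rated high confidence; a hit on a decoy domain is rated lower, because Formbook mixes traffic to its decoy domains in with the real C2 traffic. The log-line format, the sample log lines and the decision to match decoys on host name only are assumptions of this example.

```python
import re
from urllib.parse import urlsplit

# Extracted config as shown in this report (values copied from the page).
CONFIG_TEXT = """
Family
formbook
C2
http://www.timoniks.com/rbg/
Decoy
fingermode.com
parkplace.finance
hollandgreen2020.com
starbets.site
vehiculesfrigorifiques.com
sydiifinancial.com
rpivuenation.com
freesubdirectory.com
independencepartynyc.com
dogruparti.info
independencecountyclub.com
midnightlashesbykim.com
digitalsept.com
whatilikeabouttoday.com
marktplaatsaccount.info
13400667334.com
xinwei-ge.com
login-appleid.info
momashands.com
kennyxpress.com
"""

# File hashes from this report, checked for transcription errors before use.
REPORT_HASHES = {
    "md5": "250975865bf0cc75d7b05c3a8e9fcbe2",
    "sha1": "3e2cf4300dd07a2662f552b18438895e75486d9a",
    "sha256": "e10a18344876f44eea40708f80322df6ec17eea4fec0b7de74c97aab23421600",
    "sha512": "9bbdb7ad1d4e8abbb195114e2771532e98fda18762a96e55cbdf7cf25337c82e"
              "780492f54f59f6c9fe475871c43abab6be4a73e7aeb78025dc00bb1986654136",
}
HASH_LENGTHS = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}

def validate_hashes(hashes):
    """Names of digests with wrong length or non-hex characters ([] = all OK)."""
    return [n for n, v in hashes.items()
            if not re.fullmatch(r"[0-9a-f]{%d}" % HASH_LENGTHS[n], v.lower())]

def parse_config(text):
    """Parse the flattened Family / C2 / Decoy block into a dict."""
    cfg, section = {"family": None, "c2": [], "decoy": []}, None
    for line in (ln.strip().lower() for ln in text.splitlines()):
        if not line:
            continue
        if line in cfg:               # section header
            section = line
        elif section == "family":
            cfg["family"] = line
        elif section:
            cfg[section].append(line)
    return cfg

def build_indicators(cfg):
    """High confidence: real C2 host + URI path. Lower confidence: decoy hosts,
    which the sample also contacts (assumption: host match alone suffices)."""
    c2 = urlsplit(cfg["c2"][0])
    return {"c2_host": c2.hostname, "c2_path": c2.path,
            "decoy_hosts": set(cfg["decoy"])}

def _under(host, domain):
    return host == domain or host.endswith("." + domain)

# Constructed proxy-log format (not from the sandbox): ts client method url status
LOG_RE = re.compile(r"^\S+ (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d+)$")

def classify(log_line, ind):
    """Label a log line 'c2' (host and path match), 'decoy' (host only) or None."""
    m = LOG_RE.match(log_line)
    if not m:
        return None
    u = urlsplit(m.group("url"))
    host = (u.hostname or "").lower()
    if _under(host, ind["c2_host"]) and u.path.startswith(ind["c2_path"]):
        return "c2"
    if any(_under(host, d) for d in ind["decoy_hosts"]):
        return "decoy"
    return None

# Constructed sample traffic: one real beacon, one decoy contact, one benign request.
SAMPLE_LOGS = [
    "2021-01-15T10:02:11Z 10.0.0.12 GET http://www.timoniks.com/rbg/?ab=1234 200",
    "2021-01-15T10:02:14Z 10.0.0.12 POST http://www.fingermode.com/rbg/ 404",
    "2021-01-15T10:03:00Z 10.0.0.44 GET http://example.org/index.html 200",
]

if __name__ == "__main__":
    ind = build_indicators(parse_config(CONFIG_TEXT))
    print("bad hashes:", validate_hashes(REPORT_HASHES) or "none")
    print([(classify(line, ind), line) for line in SAMPLE_LOGS])
```

The split between "c2" and "decoy" matters operationally: the C2 host with its path is a confirmed-infection indicator, whereas decoy lists in Formbook configs regularly include third-party domains that have nothing to do with the operator, so a decoy hit on its own should trigger investigation of the client, not a blanket block of the domain.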

Targets

    • Target

      15012021.exe

    • Size

      901KB

    • MD5

      250975865bf0cc75d7b05c3a8e9fcbe2

    • SHA1

      3e2cf4300dd07a2662f552b18438895e75486d9a

    • SHA256

      e10a18344876f44eea40708f80322df6ec17eea4fec0b7de74c97aab23421600

    • SHA512

      9bbdb7ad1d4e8abbb195114e2771532e98fda18762a96e55cbdf7cf25337c82e780492f54f59f6c9fe475871c43abab6be4a73e7aeb78025dc00bb1986654136

    • Formbook

      Formbook is an information-stealing malware family (a form grabber): it injects into browsers and other processes to capture submitted form data and credentials, logs keystrokes and clipboard contents, takes screenshots, and can download and run additional payloads on instruction from its C2.

    • Formbook Payload

    • Deletes itself

    • Suspicious use of SetThreadContext (used to redirect a suspended thread into injected code, as in process hollowing)

MITRE ATT&CK Matrix

Tasks