General

  • Target: PO2836#NZ232.exe
  • Size: 1.2MB
  • Sample: 210115-ls12bk7syx
  • MD5: 8b9f701b5feeb6d1fc76b9a45ef33695
  • SHA1: c50e76a3bc942145b6d73e7d0fe3d34f2627df10
  • SHA256: 1498cb2f9fa31c5126db058a10187fa76040789d257ac2b61f4d4bbbe77a986c
  • SHA512: c0e51d97e681c3d4b89d6e451e2fd908b92085359464088b3ef0f8446ffc9291d2fba5b9673b951ee84921ce62b3a4d7c0959e55baf5586c552e430d55da1f8c

Malware Config

Extracted

  • Family: formbook
  • C2: http://www.styrelseforum.com/p95n/

Decoy


Targets


    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook Payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks