Overview

overview

10

Static

static

15012021546.exe

windows7_x64

10

15012021546.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    15012021546.exe

  • Size

    893KB

  • Sample

    210115-xxdag9gys6

  • MD5

    85c2653a529637c000fa5ac67665dcb3

  • SHA1

    a04c8cf5f68a0f2e5f40f5632fbbbcdaf6811cb1

  • SHA256

    cf5a2454c16d739c04939e84f71d62772620f7d0f90df49266e8493393da7167

  • SHA512

    79d5783b74389ded2c2189f93be15d897794978637ef124c6ab7f12e9c72a1f4a84f48853f24d4f06afc23660c79ea1adf683c7d770fa697e6adc00933ab0ff6

Score
10/10
formbookratspywarestealertrojan

Malware Config

Extracted

Family

formbook

C2

http://www.southsideflooringcreations.com/dkk/

Decoy

goldenfarmm.com

miproper.com

theutahan.com

efeteenerji.com

wellfarehealth.com

setricoo.com

enjoyablephotobooths.com

semaindustrial.com

jennywet.com

jackhughesart.com

cantgetryte.com

searko.com

zxrxhuny.icu

exoticorganicwine.com

fordexplorerproblems.com

locationwebtv.net

elinvoimainenperhe.com

mundoclik.com

nouvellenormale.com

talasnakliyat.com

Targets

    • Target

      15012021546.exe

    • Size

      893KB

    • MD5

      85c2653a529637c000fa5ac67665dcb3

    • SHA1

      a04c8cf5f68a0f2e5f40f5632fbbbcdaf6811cb1

    • SHA256

      cf5a2454c16d739c04939e84f71d62772620f7d0f90df49266e8493393da7167

    • SHA512

      79d5783b74389ded2c2189f93be15d897794978637ef124c6ab7f12e9c72a1f4a84f48853f24d4f06afc23660c79ea1adf683c7d770fa697e6adc00933ab0ff6

    Score
    10/10
    formbookratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook Payload

      rat

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks