Resubmissions

Submitted           Sample ID            Score
17-01-2021 18:00    210117-7tg4bkzgjn    10
17-01-2021 17:55    210117-y56mjft712    10

General

  • Target

    Confirm!!.exe

  • Size

    822KB

  • Sample

    210117-7tg4bkzgjn

  • MD5

    7fe88cceaddc558f6c812a574dd7d2d8

  • SHA1

    feea6851987dec87602c10633c7748bb1a184b5a

  • SHA256

    005051028cd70b06d41a9703a87b07dfd779d03395073edf6d43aaa10a719040

  • SHA512

    7fc4a802bb5703a8b23853739f1a3c1a986f9fa623d0a7327243cad31c3a2cbcf31555f875e8b4ab707a336912707f5814ddfb0ee4540fe4a1d1e89131bef362

Malware Config

Extracted

Family

formbook

C2

http://www.deuxus.com/t052/

Decoy

ladybug-learning.com

unforgottenstory.com

oldmopaiv.xyz

natashaexim.com

hannahmcelgunn.com

retargetingmachines.info

njoconline.com

unicornlankadelivery.com

giftkerala.com

englishfordoctors.online

schatzilandrvresort.com

brujoisaac.com

basiccampinggear.com

escapees.today

dgyxsy888.com

stevebana.xyz

mimozakebap.com

ezdoff.com

pluumyspalace.com

shaoshanshan.com
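The extracted config above gives a defender two usable IOC sets: the file hashes, and the live C2 URL plus the decoy domains that Formbook carries alongside it. The following is an added example (not part of the sandbox report, and not Triage's or the malware author's code) that turns those values into a small triage helper: it checks a file's digests against the report, and classifies URLs from a proxy log as C2, decoy or clean. It assumes a simple whitespace-separated log layout ("timestamp client-ip method url"); the log lines embedded below are constructed for the demo.

```python
"""IOC triage helper built from the Formbook config and hashes in the report above.

Added example, not code from the original report. Assumes a hypothetical proxy
log format: "<timestamp> <client-ip> <method> <url>" per line.
"""
import hashlib
from urllib.parse import urlparse

# Digests of Confirm!!.exe exactly as listed in the report.
REPORT_HASHES = {
    "md5": "7fe88cceaddc558f6c812a574dd7d2d8",
    "sha1": "feea6851987dec87602c10633c7748bb1a184b5a",
    "sha256": "005051028cd70b06d41a9703a87b07dfd779d03395073edf6d43aaa10a719040",
    "sha512": "7fc4a802bb5703a8b23853739f1a3c1a986f9fa623d0a7327243cad31c3a2cbcf"
              "31555f875e8b4ab707a336912707f5814ddfb0ee4540fe4a1d1e89131bef362",
}

# Extracted Formbook config from the report: the live C2 and the decoy list.
C2_URL = "http://www.deuxus.com/t052/"
DECOY_DOMAINS = {
    "ladybug-learning.com", "unforgottenstory.com", "oldmopaiv.xyz",
    "natashaexim.com", "hannahmcelgunn.com", "retargetingmachines.info",
    "njoconline.com", "unicornlankadelivery.com", "giftkerala.com",
    "englishfordoctors.online", "schatzilandrvresort.com", "brujoisaac.com",
    "basiccampinggear.com", "escapees.today", "dgyxsy888.com", "stevebana.xyz",
    "mimozakebap.com", "ezdoff.com", "pluumyspalace.com", "shaoshanshan.com",
}


def hash_bytes(data: bytes) -> dict:
    """Return the md5/sha1/sha256/sha512 hex digests of data."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(data: bytes) -> bool:
    """True only if all four digests equal the report's values."""
    return hash_bytes(data) == REPORT_HASHES


def matches_report_file(path: str) -> bool:
    """Hash a file on disk (path is supplied by the caller) and compare."""
    with open(path, "rb") as fh:
        return matches_report(fh.read())


def _norm_host(host) -> str:
    """Lowercase, drop a trailing dot and a leading 'www.' so hosts compare evenly."""
    host = (host or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


_C2 = urlparse(C2_URL)
C2_HOST = _norm_host(_C2.hostname)   # "deuxus.com"
C2_PATH = _C2.path                   # "/t052/"


def classify_url(url: str) -> str:
    """Label a URL: 'c2' (C2 host and path), 'c2-host' (C2 host, other path),
    'decoy' (a decoy domain from the config), 'clean', or 'unparsed'."""
    parsed = urlparse(url)
    host = _norm_host(parsed.hostname)
    if not host:
        return "unparsed"
    if host == C2_HOST:
        return "c2" if parsed.path.startswith(C2_PATH) else "c2-host"
    # Decoy contact is a weaker signal than the C2 URL itself, so it gets its own label.
    if any(host == d or host.endswith("." + d) for d in DECOY_DOMAINS):
        return "decoy"
    return "clean"


def scan_proxy_log(lines):
    """Return (timestamp, client, method, url, verdict) for each parseable line."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 4:
            continue                 # skip blank or malformed lines
        ts, client, method, url = parts[:4]
        hits.append((ts, client, method, url, classify_url(url)))
    return hits


# Constructed sample log lines for the demo (not real traffic).
SAMPLE_LOG = [
    "2021-01-17T18:02:11Z 10.0.0.5 GET http://www.deuxus.com/t052/?id=abc",
    "2021-01-17T18:02:12Z 10.0.0.5 POST http://www.deuxus.com/t052/",
    "2021-01-17T18:02:13Z 10.0.0.5 GET http://www.ladybug-learning.com/t052/",
    "2021-01-17T18:02:14Z 10.0.0.7 GET https://example.org/",
    "malformed line",
]

if __name__ == "__main__":
    for ts, client, method, url, verdict in scan_proxy_log(SAMPLE_LOG):
        print(f"{verdict:8} {client} {method} {url}")
```

A hit on the C2 host and path is the strong indicator; contact with a decoy domain alone should be correlated with the file hashes or the C2 hit before raising an incident, since the decoys are ordinary-looking domains.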

Targets

    • Target

      Confirm!!.exe

    • Size

      822KB

    • MD5

      7fe88cceaddc558f6c812a574dd7d2d8

    • SHA1

      feea6851987dec87602c10633c7748bb1a184b5a

    • SHA256

      005051028cd70b06d41a9703a87b07dfd779d03395073edf6d43aaa10a719040

    • SHA512

      7fc4a802bb5703a8b23853739f1a3c1a986f9fa623d0a7327243cad31c3a2cbcf31555f875e8b4ab707a336912707f5814ddfb0ee4540fe4a1d1e89131bef362

    • Formbook

      Formbook is an information-stealing malware family (form grabber and keylogger) that exfiltrates the harvested data to its C2.

    • Formbook Payload

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks