Overview

overview

10

Static

static

6b112d62c9...8e.exe

windows7_x64

10

6b112d62c9...8e.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6b112d62c9d5722e71733aebafd86f5ac0a45c71a6776650f9505e239b7d8f8e

  • Size

    755KB

  • Sample

    210118-25tlf4fjen

  • MD5

    d1204a9f635be18db9fda3f9726a3df9

  • SHA1

    652ed4051c171c6decdbbe8a5c724831574453f7

  • SHA256

    6b112d62c9d5722e71733aebafd86f5ac0a45c71a6776650f9505e239b7d8f8e

  • SHA512

    629a76bde6aa37ba01c91ea598e41c2c2175ce47deca8f4173534bc439f819e80adc0d83caba5745a94b580c3701c8297d776a553741d5f9506062068ed6e966

Score
10/10
formbookratspywarestealertrojan

Malware Config

Extracted

Family

formbook

C2

http://www.jerkerings.com/mnf/

Decoy

freeedomfencemn.com

corse-pollens.com

gellyc.com

mindplusgrind.com

gzrikang.com

horukac.com

aswaqina.com

lawofficeofjimhankey.com

everyoneshoroscope.com

freisaq.com

khimyoga.com

usmarketingdigital.com

artistagospel.com

stop-moskitos.com

sertecbasicos.com

mvmontessori.net

duke-a-website.com

arcaneunlocked.com

turnershydrographics.com

bipbopbling.com

Targets

    • Target

      6b112d62c9d5722e71733aebafd86f5ac0a45c71a6776650f9505e239b7d8f8e

    • Size

      755KB

    • MD5

      d1204a9f635be18db9fda3f9726a3df9

    • SHA1

      652ed4051c171c6decdbbe8a5c724831574453f7

    • SHA256

      6b112d62c9d5722e71733aebafd86f5ac0a45c71a6776650f9505e239b7d8f8e

    • SHA512

      629a76bde6aa37ba01c91ea598e41c2c2175ce47deca8f4173534bc439f819e80adc0d83caba5745a94b580c3701c8297d776a553741d5f9506062068ed6e966

    Score
    10/10
    formbookratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook Payload

      rat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks