General

  • Target

    order no.0118-21.exe

  • Size

    1.1MB

  • Sample

    210118-9357mkt4rx

  • MD5

    ea3b95545772a4401f0978721eef7353

  • SHA1

    1828a711a093a3f974a420cf12fa3d67c48bd3a8

  • SHA256

    6a7659b4614c990d4feba15eeef035d47dcb8f46d92320620205eb6131eaf6a4

  • SHA512

    2dc1946ae0113e51c248c7308aa7efc59a6cdea9bb40b17e6bf6b69660095eb64af71f3b3f0ec6657bf800e00938d51b3f53060e9da8065703c22067e0b2c342

Malware Config

  • Extracted

    Yes

  • Family

    formbook

  • C2

    http://www.paniciagency.com/n6sn/

  • Decoy

    siearrasmission.com
    exploringcharlotte.com
    michaelthomasgunn.com
    automationmarketers.com
    vynxcl3kv3.com
    df2229.com
    vazivaimmo.net
    usful.info
    vescuderoabogados.com
    janidevco.com
    newshum.com
    teamworkgod.com
    snowwayconstruction.com
    s8fyit.com
    economicidentity.com
    jennysay.com
    gamoauction.com
    thebooksofblood.com
    graymatter-bi.com
    newtownquick.net

Targets

    • Target

      order no.0118-21.exe

    • Size

      1.1MB

    • MD5

      ea3b95545772a4401f0978721eef7353

    • SHA1

      1828a711a093a3f974a420cf12fa3d67c48bd3a8

    • SHA256

      6a7659b4614c990d4feba15eeef035d47dcb8f46d92320620205eb6131eaf6a4

    • SHA512

      2dc1946ae0113e51c248c7308aa7efc59a6cdea9bb40b17e6bf6b69660095eb64af71f3b3f0ec6657bf800e00938d51b3f53060e9da8065703c22067e0b2c342

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook Payload

    • Suspicious use of SetThreadContext
