General

  • Target

    invoice.exe

  • Size

    540KB

  • Sample

    210118-qzp9bmd38a

  • MD5

    59f1d68e7d7425a82b9fe1a3ff2dd295

  • SHA1

    95332a045f2e869e01f1adcffd529b7c4a6980c8

  • SHA256

    adc10139a3870919bf60c4345f1e9d09eec3c590a434e761c55ff3da112e9a68

  • SHA512

    ea81d912c4ce33d5cfc5ebd66bfeae4a3fdfd6260b8507b89738b56d6ead4418f192f59774b8cce3e163cb479752783e36a3a4c9bff3d89e93de0945d6afc8aa

Malware Config

Extracted

Family

formbook

C2

http://www.berkeleyreese.com/tabo/

Decoy

Targets

    • Target

      invoice.exe

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook Payload

    • Deletes itself

    • Suspicious use of SetThreadContext
