General

  • Target

    PO2364#FD212003.exe

  • Size

    1.0MB

  • Sample

    210118-v7433vs7d6

  • MD5

    b7c168ea63b8e1c2fa7eb4059d85283e

  • SHA1

    a41f448c52e01434275c86b928b8b64222e77734

  • SHA256

    f03367cb1758bddd8877e7aca02223797330fc8482d6ffce6f397730ffefd53f

  • SHA512

    b4cac0d652270d385014b0ef90159e279b768f1061ae1086e9df4043a838faed4585dc38b08426e76cc4c39d2c5ed7ccf399e28107eb8dd26011efed3a02cb63

Malware Config

Extracted

Family

formbook

C2

http://www.styrelseforum.com/p95n/

Decoy


Targets

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook Payload

    • Deletes itself

    • Suspicious use of SetThreadContext
