General

  • Target

    PO-23562#TZ232.exe

  • Size

    1.5MB

  • Sample

    210119-5ef39xsfsx

  • MD5

    357a14cfd77aeee6ccdefd6306790b6e

  • SHA1

    515e8f43b3261329f2da96a7f0e873061c33cbd8

  • SHA256

    cb2e173430a404a7cf52a54db1ff96b0de6eed1b8953d96b57e2780e45e71db9

  • SHA512

    dafb6a5de58bf0a42b378c6e83271e55d28204cf1255fa702b1b312d9b6b31c68315241db9089a4ee09445c202baea1bcf51a33ce6132513bff0331c21d48682

Malware Config

Extracted

Family

formbook

C2

http://www.styrelseforum.com/p95n/

Decoy

kimberlyrutledge.com

auctus.agency

johnemotions.com

guilt-brilliant.com

wxshangdian.com

theolivetreeonline.com

stellarfranchisebrands.com

every1no1.com

hoangthanhgroup.com

psm-gen.com

kingdomwow.com

digitalksr.com

karynpolitoforlg.com

youthdaycalgary.com

libertyhandymanservicesllc.com

breatheohio.com

allenleather.com

transformafter50.info

hnhsylsb.com

hmtradebd.com
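The extracted configuration is the most reusable part of this report. Formbook carries a list of domains in which one is the operator's C2 and the rest are decoys (live, unrelated sites), and it contacts domains from that list with the same URI path, here /p95n/. A hunt should therefore key on the path across every listed domain, and treat a bare hit on a decoy domain as noise. The following script is an added example by the editor, not part of the sandbox output: it embeds the values from the report above, classifies URLs from a constructed proxy-log format of the form `timestamp src_ip method url status` (an assumption, not a real product's log format), and returns the source hosts worth investigating.

```python
"""Hunt for the Formbook config extracted above in proxy logs (added example, not sandbox output)."""
from urllib.parse import urlsplit

# Values copied from the sandbox report above.
C2_URL = "http://www.styrelseforum.com/p95n/"
DECOY_DOMAINS = [
    "kimberlyrutledge.com", "auctus.agency", "johnemotions.com",
    "guilt-brilliant.com", "wxshangdian.com", "theolivetreeonline.com",
    "stellarfranchisebrands.com", "every1no1.com", "hoangthanhgroup.com",
    "psm-gen.com", "kingdomwow.com", "digitalksr.com", "karynpolitoforlg.com",
    "youthdaycalgary.com", "libertyhandymanservicesllc.com", "breatheohio.com",
    "allenleather.com", "transformafter50.info", "hnhsylsb.com", "hmtradebd.com",
]
SAMPLE_HASHES = {
    "357a14cfd77aeee6ccdefd6306790b6e",
    "515e8f43b3261329f2da96a7f0e873061c33cbd8",
    "cb2e173430a404a7cf52a54db1ff96b0de6eed1b8953d96b57e2780e45e71db9",
}


def split_url(url):
    """Return (lower-cased hostname, path) of a URL, or (None, None) if it has no host."""
    parts = urlsplit(url)
    if not parts.hostname:
        return None, None
    return parts.hostname.lower().rstrip("."), parts.path or "/"


C2_HOST, C2_PATH = split_url(C2_URL)
# Formbook uses the same URI path on every domain in its list, real or decoy,
# so the registrable domain (without a leading "www.") is the useful key.
C2_DOMAIN = C2_HOST[4:] if C2_HOST.startswith("www.") else C2_HOST


def under_domain(host, domain):
    return host == domain or host.endswith("." + domain)


def classify_url(url):
    """Rank a URL: c2 > decoy_beacon > c2_domain > decoy_site > unrelated."""
    host, path = split_url(url)
    if host is None:
        return "unrelated"
    on_c2_path = path.startswith(C2_PATH)
    if under_domain(host, C2_DOMAIN):
        return "c2" if on_c2_path else "c2_domain"
    if any(under_domain(host, d) for d in DECOY_DOMAINS):
        # Decoys are legitimate sites; only the bot's path makes a hit interesting.
        return "decoy_beacon" if on_c2_path else "decoy_site"
    return "unrelated"


def scan_proxy_log(lines):
    """Classify each constructed log line 'ts src_ip method url status'; drop unrelated ones."""
    findings = []
    for line in lines:
        fields = line.split()
        if len(fields) < 5:
            continue  # malformed line, skip rather than crash the hunt
        _ts, src, _method, url, _status = fields[:5]
        verdict = classify_url(url)
        if verdict != "unrelated":
            findings.append((src, verdict, url))
    return findings


def hosts_to_investigate(findings):
    """Sources that used the bot's URI path on the C2 or on a decoy are likely infected."""
    return sorted({src for src, verdict, _ in findings if verdict in ("c2", "decoy_beacon")})


def is_known_sample(digest):
    """Match an MD5/SHA1/SHA256 hex digest against the hashes in the report."""
    return digest.lower() in SAMPLE_HASHES


# Constructed proxy log lines for demonstration; not real traffic.
SAMPLE_LOG = [
    "2021-01-19T10:00:01Z 10.0.0.5 GET http://www.styrelseforum.com/p95n/?abc=1 200",
    "2021-01-19T10:00:30Z 10.0.0.5 POST http://www.kingdomwow.com/p95n/ 404",
    "2021-01-19T10:01:00Z 10.0.0.9 GET https://www.allenleather.com/shop/ 200",
    "2021-01-19T10:02:00Z 10.0.0.7 GET http://example.com/p95n/ 200",
    "2021-01-19T10:03:00Z 10.0.0.11 GET http://styrelseforum.com/ 200",
]

if __name__ == "__main__":
    for src, verdict, url in scan_proxy_log(SAMPLE_LOG):
        print(f"{verdict:13} {src:10} {url}")
    print("investigate:", hosts_to_investigate(scan_proxy_log(SAMPLE_LOG)))
```

Only 10.0.0.5 is flagged: it reached the real C2 path and then beaconed to a decoy with the same path. A visit to allenleather.com without /p95n/ is ordinary browsing to a legitimate site and is reported as decoy_site only so an analyst can see it; a request to /p95n/ on a domain outside the list is ignored, since the path alone is not distinctive.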

Targets

    • Target

      PO-23562#TZ232.exe

    • Size

      1.5MB

    • MD5

      357a14cfd77aeee6ccdefd6306790b6e

    • SHA1

      515e8f43b3261329f2da96a7f0e873061c33cbd8

    • SHA256

      cb2e173430a404a7cf52a54db1ff96b0de6eed1b8953d96b57e2780e45e71db9

    • SHA512

      dafb6a5de58bf0a42b378c6e83271e55d28204cf1255fa702b1b312d9b6b31c68315241db9089a4ee09445c202baea1bcf51a33ce6132513bff0331c21d48682

    • Formbook

Formbook is an information-stealing malware family sold as malware-as-a-service: it harvests credentials and form data from browsers and other applications, logs keystrokes, takes screenshots, and exfiltrates the results to its C2 over HTTP.

    • Formbook Payload

    • Deletes itself

    • Suspicious use of SetThreadContext
