General

  • Target

    (G0170-PF3F-20-0260)2T.exe

  • Size

    913KB

  • Sample

    210119-5g81l85cgx

  • MD5

    a0a82102cb43369d8f015e6b0ccbc92f

  • SHA1

    f455daf508f31a8c5346a38ac50254aabd8d0e66

  • SHA256

    4152dfeafe557dc1f2f56dbf30de70914fbfc379c144678588b3629bccf7e905

  • SHA512

    9911d136c9059944e43030a2133f6124f7621882c419da9cb2538a4e57bcf388161e71514dc58805c6e80ef23cfb7cbd5f857204d5f8fa870a65cacb33e05a16

Malware Config

Extracted

Family

formbook

C2

http://www.niket.world/u77/

Decoy

Targets

    • Formbook

      Formbook is a data-stealing malware family (an information stealer).

    • Formbook Payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks