General

  • Target

    BL copy order nr. 1054-21.exe

  • Size

    1.1MB

  • Sample

    210119-5ljy8p5mz6

  • MD5

    27ce7deb2528e3f77342c372f8789fed

  • SHA1

    6d22d76fc1b7728d0f2065aca472f8c20bcd08bc

  • SHA256

    5c7b804890877a7a9da085d878b0fc1a444aa1b75965e16beab74c978fab6079

  • SHA512

    ba1ac8a35be56c4ee1ca2ab00082d33891184af1d5a9e97711aa92733a95adfaaa5f161de6868bbdb3dcc9fed0f71f32fcf71e3691f83cdb85c23fba7f502b0d

Malware Config

Extracted

Family

formbook

C2

http://www.paniciagency.com/n6sn/

Decoy

siearrasmission.com

exploringcharlotte.com

michaelthomasgunn.com

automationmarketers.com

vynxcl3kv3.com

df2229.com

vazivaimmo.net

usful.info

vescuderoabogados.com

janidevco.com

newshum.com

teamworkgod.com

snowwayconstruction.com

s8fyit.com

economicidentity.com

jennysay.com

gamoauction.com

thebooksofblood.com

graymatter-bi.com

newtownquick.net

Targets

    • Target

      BL copy order nr. 1054-21.exe

    • Size

      1.1MB

    • MD5

      27ce7deb2528e3f77342c372f8789fed

    • SHA1

      6d22d76fc1b7728d0f2065aca472f8c20bcd08bc

    • SHA256

      5c7b804890877a7a9da085d878b0fc1a444aa1b75965e16beab74c978fab6079

    • SHA512

      ba1ac8a35be56c4ee1ca2ab00082d33891184af1d5a9e97711aa92733a95adfaaa5f161de6868bbdb3dcc9fed0f71f32fcf71e3691f83cdb85c23fba7f502b0d

    • Formbook

      Formbook is an information-stealing malware family: it harvests credentials and submitted form data from browsers and mail clients, logs keystrokes and clipboard contents, and can download and run additional payloads on the infected host.

    • Formbook Payload

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks