General

  • Target

    Arrival Notice.scr

  • Size

    1.0MB

  • Sample

    210119-ddfs8fhkn6

  • MD5

    4817f2cac71c4d47f1f478d69703db60

  • SHA1

    71aaa5e421c5252d4399cacf81a673d84891d1c6

  • SHA256

    14ee2894b546ba6d7835ee4dd8e07ef72fb10bfaebec8f1687da4559267cb72e

  • SHA512

    efa1e717d902e27ef95f32c73e606798e24dac9c9c612bc6499627fea475fbd06cee4e39fff201bc96f22101ab2acd789b719186bbb6d15f81000a151f1026d0

Malware Config

Extracted

Family

formbook

C2

http://www.thesiromiel.com/kgw/

Decoy


Targets

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook Payload

    • Deletes itself

    • Suspicious use of SetThreadContext
