Overview

overview

10

Static

static

Details fo...gs.exe

windows7_x64

10

Details fo...gs.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Details for bookings.exe

  • Size

    999KB

  • Sample

    210119-e6ax4ynl42

  • MD5

    a25a89b6290bd06ba2bd66ef1ff7b4d1

  • SHA1

    5596b820a3ce13c56473185ad4f67079c4ac3f8d

  • SHA256

    39872cee88d7cf4d0f0cc42d09348b6fea960a62861fab210bf257c4e6bc3a36

  • SHA512

    6a88385d5d653ee01e6251b944de4da855fac18054ede73e8bdae8a30ac832d3a83b8c7ed8bd7c2cf04b855ea9d3fb9032d7560bc25f6d6947ca921b2a8d96a4

Score
10/10
formbookratspywarestealertrojan

Malware Config

Extracted

Family

formbook

C2

http://www.deuxus.com/t052/

Decoy

ladybug-learning.com

unforgottenstory.com

oldmopaiv.xyz

natashaexim.com

hannahmcelgunn.com

retargetingmachines.info

njoconline.com

unicornlankadelivery.com

giftkerala.com

englishfordoctors.online

schatzilandrvresort.com

brujoisaac.com

basiccampinggear.com

escapees.today

dgyxsy888.com

stevebana.xyz

mimozakebap.com

ezdoff.com

pluumyspalace.com

shaoshanshan.com

Targets

    • Target

      Details for bookings.exe

    • Size

      999KB

    • MD5

      a25a89b6290bd06ba2bd66ef1ff7b4d1

    • SHA1

      5596b820a3ce13c56473185ad4f67079c4ac3f8d

    • SHA256

      39872cee88d7cf4d0f0cc42d09348b6fea960a62861fab210bf257c4e6bc3a36

    • SHA512

      6a88385d5d653ee01e6251b944de4da855fac18054ede73e8bdae8a30ac832d3a83b8c7ed8bd7c2cf04b855ea9d3fb9032d7560bc25f6d6947ca921b2a8d96a4

    Score
    10/10
    formbookratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook Payload

      rat

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks