General

  • Target

    Purchase order nr.0119-21.exe

  • Size

    1.0MB

  • Sample

    210119-mna8mgpb1a

  • MD5

    f1195195c48e9e841b5405ef68ba4763

  • SHA1

    67e7f7206f0fd88af81dec81bc07e19c78849272

  • SHA256

    e56fe870da3015a5537b82acf5b9228953cafa74235b5c9257eaf049a6045cc6

  • SHA512

    7f5f6fbe07779097b649cd750a0aae19515ffb119c8f1a03747d4bfc1964be541d3c616a4ed6311c8ada6a409a72799b2c0caaa92cccb8bdc9d1731b6bdc85a4

Malware Config

Extracted

  • Family

    formbook

  • C2

    http://www.paniciagency.com/n6sn/

  • Decoy

    siearrasmission.com
    exploringcharlotte.com
    michaelthomasgunn.com
    automationmarketers.com
    vynxcl3kv3.com
    df2229.com
    vazivaimmo.net
    usful.info
    vescuderoabogados.com
    janidevco.com
    newshum.com
    teamworkgod.com
    snowwayconstruction.com
    s8fyit.com
    economicidentity.com
    jennysay.com
    gamoauction.com
    thebooksofblood.com
    graymatter-bi.com
    newtownquick.net

Targets

    • Target

      Purchase order nr.0119-21.exe

    • Size

      1.0MB

    • MD5

      f1195195c48e9e841b5405ef68ba4763

    • SHA1

      67e7f7206f0fd88af81dec81bc07e19c78849272

    • SHA256

      e56fe870da3015a5537b82acf5b9228953cafa74235b5c9257eaf049a6045cc6

    • SHA512

      7f5f6fbe07779097b649cd750a0aae19515ffb119c8f1a03747d4bfc1964be541d3c616a4ed6311c8ada6a409a72799b2c0caaa92cccb8bdc9d1731b6bdc85a4

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook Payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks