General

  • Target: r.exe
  • Size: 210KB
  • Sample: 210119-tkz4m7457s
  • MD5: 0df4fee49a8ee5cc6b0f780014848524
  • SHA1: 089173d495e566b99f9487804f52ee8e1dade3fc
  • SHA256: 449e62f0a80a15ae14d16333c553cc9900edb7f282626988beaad31eb5147700
  • SHA512: 752a7ce0199bbca88900540d328592f3e0f715d55a131284956900f16e7a4c7e013ed7587697e85fbddce49315eb0c484d5106db0b28403a10252ec4a75edb83

Malware Config

Extracted

  • Family: formbook
  • C2: http://www.besthandstool.icu/uds2/
  • Decoy


Targets

    • Target: r.exe (size and hashes as listed under General)

    • Formbook: Formbook is a data-stealing malware family.
    • Formbook Payload
    • Deletes itself
    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks