General

  • Target

    Details...exe

  • Size

    978KB

  • Sample

    210119-wqb7xavpza

  • MD5

    4784ea7aa126e562158fd9882a3f771e

  • SHA1

    1e74531be148cd8ecea482b060836f1102cbb57b

  • SHA256

    62e4e1e22348e0eb9b33c350ee4489a3d9292dd81bf289282ebb148507180609

  • SHA512

    5b8ec648de68f613d104870e4b4e7a08c9d79a83ba3622ba4f00166ae16fa994f59e96ca5c732c76d0f553141590634a2443e26e8be359b172b7d06d254a8493

Malware Config

Extracted

Family

formbook

C2

http://www.deuxus.com/t052/

Decoy (the other domains in the extracted configuration; Formbook cycles through these alongside the real C2 so that the live server is harder to pick out from network traffic)

ladybug-learning.com

unforgottenstory.com

oldmopaiv.xyz

natashaexim.com

hannahmcelgunn.com

retargetingmachines.info

njoconline.com

unicornlankadelivery.com

giftkerala.com

englishfordoctors.online

schatzilandrvresort.com

brujoisaac.com

basiccampinggear.com

escapees.today

dgyxsy888.com

stevebana.xyz

mimozakebap.com

ezdoff.com

pluumyspalace.com

shaoshanshan.com
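To turn the hashes and the extracted configuration above into something a responder can run, the following is an added example (not part of the original report or of the sandbox vendor's tooling). It embeds the report's digests, C2 URL and decoy list, checks a file's digests against the report, and scans proxy log lines for contact with any listed domain. The log lines and file bytes are constructed for the demo, and the classification assumes the URI path of the C2 entry (/t052/) is the path the sample appends to every listed domain, which is how Formbook configurations are normally laid out.

```python
"""IOC matcher built from the sandbox report above (added example).

Two checks: (1) do a file's digests match the report's sample; (2) which
proxy log lines touch the C2 or a decoy domain, and how confident a hit is.
All sample input below is constructed for the demo.
"""
import hashlib
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlsplit

# Digests copied from the report's General section
REPORT_HASHES = {
    "md5": "4784ea7aa126e562158fd9882a3f771e",
    "sha1": "1e74531be148cd8ecea482b060836f1102cbb57b",
    "sha256": "62e4e1e22348e0eb9b33c350ee4489a3d9292dd81bf289282ebb148507180609",
    "sha512": "5b8ec648de68f613d104870e4b4e7a08c9d79a83ba3622ba4f00166ae16fa994"
              "f59e96ca5c732c76d0f553141590634a2443e26e8be359b172b7d06d254a8493",
}
C2_URL = "http://www.deuxus.com/t052/"
DECOY_DOMAINS = [
    "ladybug-learning.com", "unforgottenstory.com", "oldmopaiv.xyz",
    "natashaexim.com", "hannahmcelgunn.com", "retargetingmachines.info",
    "njoconline.com", "unicornlankadelivery.com", "giftkerala.com",
    "englishfordoctors.online", "schatzilandrvresort.com", "brujoisaac.com",
    "basiccampinggear.com", "escapees.today", "dgyxsy888.com", "stevebana.xyz",
    "mimozakebap.com", "ezdoff.com", "pluumyspalace.com", "shaoshanshan.com",
]


def hash_file_bytes(data: bytes) -> Dict[str, str]:
    """Compute the same four digests the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(data: bytes) -> Dict[str, bool]:
    """Per-algorithm comparison of a file's digests against the report."""
    digests = hash_file_bytes(data)
    return {name: digests[name] == REPORT_HASHES[name] for name in REPORT_HASHES}


def c2_hosts() -> Tuple[str, str]:
    """C2 host from the report, with and without the leading 'www.'."""
    host = urlsplit(C2_URL).hostname
    bare = host[4:] if host.startswith("www.") else host
    return host, bare


def ioc_domains() -> List[str]:
    """Every domain worth matching on: C2 host forms plus the decoys."""
    return sorted({*c2_hosts(), *DECOY_DOMAINS})


def domain_matches(host: str, iocs: List[str]) -> Optional[str]:
    """Exact match first, then subdomain match (host ends with '.' + ioc)."""
    host = host.lower().rstrip(".")
    if host in iocs:
        return host
    for ioc in iocs:
        if host.endswith("." + ioc):
            return ioc
    return None


def classify_url(url: str) -> Optional[Tuple[str, str]]:
    """Return (matched_domain, confidence_kind) for a URL, or None.

    c2-path:    the report's C2 URI path on any listed domain (assumption:
                Formbook appends the same path to every domain it rotates
                through), so this is the strongest network signal.
    c2-host:    the C2 host without that path.
    decoy-only: a decoy domain without the path; decoys are often legitimate
                sites, so on its own this is low confidence.
    """
    parts = urlsplit(url)
    matched = domain_matches(parts.hostname or "", ioc_domains())
    if matched is None:
        return None
    if parts.path.startswith(urlsplit(C2_URL).path):
        return matched, "c2-path"
    if matched in c2_hosts():
        return matched, "c2-host"
    return matched, "decoy-only"


def scan_proxy_log(text: str) -> List[Dict[str, str]]:
    """Scan 'timestamp client method url status' lines; return the hits."""
    hits = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # skip blank or malformed lines
        ts, src, _method, url = fields[:4]
        result = classify_url(url)
        if result:
            domain, kind = result
            hits.append({"ts": ts, "src": src, "domain": domain, "kind": kind})
    return hits


# Constructed proxy log for the demo (not real traffic)
CONSTRUCTED_PROXY_LOG = """\
2021-01-19T10:02:11Z 10.0.0.21 GET http://www.deuxus.com/t052/?id=abc 200
2021-01-19T10:02:12Z 10.0.0.21 POST http://www.deuxus.com/t052/ 200
2021-01-19T10:03:40Z 10.0.0.21 GET http://www.giftkerala.com/t052/ 404
2021-01-19T10:05:00Z 10.0.0.33 GET https://www.example.com/ 200
2021-01-19T10:06:10Z 10.0.0.33 GET http://ladybug-learning.com/ 200
"""

if __name__ == "__main__":
    for hit in scan_proxy_log(CONSTRUCTED_PROXY_LOG):
        print(hit)
    print(matches_report(b"constructed placeholder, not the real sample"))
```

A client that hits the C2 path on several listed domains in quick succession (as 10.0.0.21 does above) is the pattern to alert on; a single request to a decoy domain should be correlated with the file hashes or the host-side signatures below before it is treated as a compromise.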

Targets

    • Target

      Details...exe

    • Size

      978KB

    • MD5

      4784ea7aa126e562158fd9882a3f771e

    • SHA1

      1e74531be148cd8ecea482b060836f1102cbb57b

    • SHA256

      62e4e1e22348e0eb9b33c350ee4489a3d9292dd81bf289282ebb148507180609

    • SHA512

      5b8ec648de68f613d104870e4b4e7a08c9d79a83ba3622ba4f00166ae16fa994f59e96ca5c732c76d0f553141590634a2443e26e8be359b172b7d06d254a8493

    • Formbook

      Formbook is an information-stealing malware family: it harvests credentials and other data submitted through web forms and application windows, logs keystrokes and clipboard contents, and sends the results to its C2.

    • Formbook Payload

    • Deletes itself (the executable removes its own file from disk after running, a common anti-forensic step)

    • Suspicious use of SetThreadContext (rewriting a suspended thread's register context to redirect execution into injected code, as in process hollowing and thread hijacking)
