General

  • Target

    5f177ef6ecb4d66b7762e22fcaa39670353c55e6f1329d56614f909ae03de7c5

  • Size

    970KB

  • Sample

    210120-nnhld7tqex

  • MD5

    6e61268cdd8b93103017981125ff9b40

  • SHA1

    143b39d3148700750e613b070c24fba034e8a7b4

  • SHA256

    5f177ef6ecb4d66b7762e22fcaa39670353c55e6f1329d56614f909ae03de7c5

  • SHA512

    60cc600e982527a0de5bd33b81039bd02070875f647dd0f8673ae7042c86ad8cbf7196bb17a19910480fa505dec0641f7b1b250c329e4b89e1fee22fc9225bdb

Malware Config

Extracted

Family

formbook

C2

http://www.badstar.net/tmz/

Decoy


Targets

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook Payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks