Overview

overview

10

Static

static

8ea59257ca...d2.exe

windows7_x64

10

8ea59257ca...d2.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8ea59257ca1ccc0d6680d184a985dff22180e056aec54b3afd3ed2c3ad3bc4d2

  • Size

    1.0MB

  • Sample

    210120-nswhmdmnzs

  • MD5

    232a964f2335bd594cc991d75b5794e1

  • SHA1

    40b0c49f9cb93c9537662c948efe09ee1293491e

  • SHA256

    8ea59257ca1ccc0d6680d184a985dff22180e056aec54b3afd3ed2c3ad3bc4d2

  • SHA512

    8583a71e22bbc5cf0ed61358d7237d14bac712ab5e281854717a3fcfec7388d214d9fca564455f1efa3934956d6af4c5a27391ccb9c312dc95b38f56361b012b

Score
10/10
formbookratspywarestealertrojan

Malware Config

Extracted

Family

formbook

C2

http://www.paniciagency.com/n6sn/

Decoy

siearrasmission.com

exploringcharlotte.com

michaelthomasgunn.com

automationmarketers.com

vynxcl3kv3.com

df2229.com

vazivaimmo.net

usful.info

vescuderoabogados.com

janidevco.com

newshum.com

teamworkgod.com

snowwayconstruction.com

s8fyit.com

economicidentity.com

jennysay.com

gamoauction.com

thebooksofblood.com

graymatter-bi.com

newtownquick.net

Targets

    • Target

      8ea59257ca1ccc0d6680d184a985dff22180e056aec54b3afd3ed2c3ad3bc4d2

    • Size

      1.0MB

    • MD5

      232a964f2335bd594cc991d75b5794e1

    • SHA1

      40b0c49f9cb93c9537662c948efe09ee1293491e

    • SHA256

      8ea59257ca1ccc0d6680d184a985dff22180e056aec54b3afd3ed2c3ad3bc4d2

    • SHA512

      8583a71e22bbc5cf0ed61358d7237d14bac712ab5e281854717a3fcfec7388d214d9fca564455f1efa3934956d6af4c5a27391ccb9c312dc95b38f56361b012b

    Score
    10/10
    formbookratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook Payload

      rat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks