General

  • Target

    f795ec76867aff474785453b182fb227.exe

  • Size

    1.4MB

  • Sample

    210120-yzk6rpfbvx

  • MD5

    f795ec76867aff474785453b182fb227

  • SHA1

    5ea17d9e3d7d73867f22984042f2ea9113c4c942

  • SHA256

    f78a6375389df1b721be110480efd240f604f51868031e72d88cb7612616fb67

  • SHA512

    df110e37d963bb3dd9df72d49f551036a2f87a96cb79b76fefb3a8b90889800e1f0a4be68657663b9099f476d3b7a6bfa4a96518aa7e5baa1c2b9ae346304612

Malware Config

Extracted

  • Family

    formbook

  • C2

    http://www.waverunner-fan.com/pp2/

  • Decoy

    meredithridenhour.com
    foundationsseniormanagement.com
    sallyta.com
    msmonlinellc.com
    entreprisesfr.com
    neadclunlounge.com
    lexuscarbonfiber.com
    electroglas-probers.com
    investedgefinancialinc.com
    blm.healthcare
    workoutmagazinemx.com
    edmondsagent.com
    rodrigzart.com
    standardstripcurtains.com
    carrier.email
    hifan.info
    fhcqtravel.com
    legacycream.com
    topfurnity.com
    solids-development.net

Targets

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook Payload

    • Suspicious use of SetThreadContext
