General

  • Target

    IMG_1107.EXE

  • Size

    909KB

  • Sample

    210121-p2s5x7geta

  • MD5

    2afb1f00ffacc81832cb6980888383cb

  • SHA1

    a9a43ff7af4fae570769dd02992c9df9d6895f97

  • SHA256

    77d1e1c8c87b166c88ab728ff9830a8c7c2da67ce68a5348846fdfa1be8183b3

  • SHA512

    20b6ffe4f26b430392c6c87de8b35f4ad5e150de6f6dfad87815874a1c459ad9552a00c6a28fff94c55cf1e703f73919bf72f576683fa58bc84ecdbc538aa999

Malware Config

Extracted

Family

formbook

C2

http://www.unitedfootballcamps.com/bf3/

Decoy

Targets

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook Payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks