Overview

overview

10

Static

static

PO20210120.exe

windows7_x64

10

PO20210120.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    PO20210120.exe

  • Size

    943KB

  • Sample

    210121-srjhres2ln

  • MD5

    6fc44193a2a79ad1bd15606386bb0cb0

  • SHA1

    d76e50ba12ea567584f9ee992b60bbf838be3c0a

  • SHA256

    82c118d71fb0433b051b37a040f31f2455ceb3ddd01b7d314cf6b1f4648d454d

  • SHA512

    554fa9c246a5284cf6f273cd13e744875150a5ac15d6443a46116a3e311ed60feafde4c9364f8d23dfef22bf1abb38a1bae2c21405c94a68489376a04a1c96ec

Score
10/10
formbookransomwareratspywarestealertrojan

Malware Config

Extracted

Family

formbook

C2

http://www.adamjbrowne.com/knb/

Decoy

nona-home.com

themundoverdeproject.com

nhlkrakenfans.com

mak-bauunternehmung.com

public-secret.com

exitumgestao.com

stopforeclosurenow.net

citestbiz1597776507.com

kythuatxetnghiemyhoc.com

longislandeventplanner.com

uaetechworld.com

centretabacstop.net

jomelvendivel.com

agricultureesm.com

successwithspencer.com

companywars.net

terrellhillsdirectory.com

ngldwyy.com

cwiprinting.net

lnstagramgetverifyaccounts.site

Targets

    • Target

      PO20210120.exe

    • Size

      943KB

    • MD5

      6fc44193a2a79ad1bd15606386bb0cb0

    • SHA1

      d76e50ba12ea567584f9ee992b60bbf838be3c0a

    • SHA256

      82c118d71fb0433b051b37a040f31f2455ceb3ddd01b7d314cf6b1f4648d454d

    • SHA512

      554fa9c246a5284cf6f273cd13e744875150a5ac15d6443a46116a3e311ed60feafde4c9364f8d23dfef22bf1abb38a1bae2c21405c94a68489376a04a1c96ec

    Score
    10/10
    formbookransomwareratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook Payload

      rat

    • Deletes itself

    • Enumerates physical storage devices

      Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

      ransomware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks