Overview

overview

10

Static

static

PO210121.exe

windows7_x64

10

PO210121.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    PO210121.exe

  • Size

    817KB

  • Sample

    210121-vevgd1yqn2

  • MD5

    fa0c4a673fba23a29d6416bac21c9c43

  • SHA1

    bd43cb3d008f68d2851f0a68e96a0fbdd77ce739

  • SHA256

    898746d8c0bc244b1a1b7ad40e440bc2ea3ad1f058c5782e4d043ff61add8235

  • SHA512

    c5cc072896e32fdff3438880246d341fe5fbc118da14de9f818648ad1691077aea11aa81aae33e2657f895427dba9bdde948f6431db9e9fbb822d3194bd34602

Score
10/10
formbookransomwareratspywarestealertrojan

Malware Config

Extracted

Family

formbook

C2

http://www.adamjbrowne.com/knb/

Decoy

nona-home.com

themundoverdeproject.com

nhlkrakenfans.com

mak-bauunternehmung.com

public-secret.com

exitumgestao.com

stopforeclosurenow.net

citestbiz1597776507.com

kythuatxetnghiemyhoc.com

longislandeventplanner.com

uaetechworld.com

centretabacstop.net

jomelvendivel.com

agricultureesm.com

successwithspencer.com

companywars.net

terrellhillsdirectory.com

ngldwyy.com

cwiprinting.net

lnstagramgetverifyaccounts.site

Targets

    • Target

      PO210121.exe

    • Size

      817KB

    • MD5

      fa0c4a673fba23a29d6416bac21c9c43

    • SHA1

      bd43cb3d008f68d2851f0a68e96a0fbdd77ce739

    • SHA256

      898746d8c0bc244b1a1b7ad40e440bc2ea3ad1f058c5782e4d043ff61add8235

    • SHA512

      c5cc072896e32fdff3438880246d341fe5fbc118da14de9f818648ad1691077aea11aa81aae33e2657f895427dba9bdde948f6431db9e9fbb822d3194bd34602

    Score
    10/10
    formbookransomwareratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook Payload

      rat

    • Deletes itself

    • Enumerates physical storage devices

      Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

      ransomware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks