General

  • Target: PO 15682.exe
  • Size: 132KB
  • Sample: 210226-b1gdrpwsrn
  • MD5: 152a5851db0c8cf4e0d70ebdc17ee40f
  • SHA1: 6f5d834b312bad0742efacf2dc4e1484a9541b40
  • SHA256: 9433390a8374d47e62017b03c8d949af363e1f1aaa5247a2e320fc611c42f138
  • SHA512: c28b65148108e09ec8844ef02b8d309a78b9737462dd5ec0bf11817a309d564a810e779e3757d40741712a3a4e0e1bda4f161927876a0500049a3f5bdc40c1af

Malware Config

Extracted

  • Family: formbook
  • C2: http://www.lyceumgroupbooks.com/blk/

Decoy

Targets

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook Payload

    • Deletes itself

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext
