General

  • Target

    CONT NO DFSU125310 products list.exe

  • Size

    1.0MB

  • Sample

    210226-b8dqxqhzes

  • MD5

    5a92c96663ac34dd87d73e789c27f610

  • SHA1

    46e21943df04f53eb175007c4bff3040619ae50b

  • SHA256

    9f38ade8e53d28eef33a81e0559b92b44fa878ae9b61fadd3bb245d33486e2c0

  • SHA512

    1bfb7176c5e9eeb2103a36760137fbe773d8b3170842e8e1e92a3b4629b140f93b4804a0198732a71924e0f4514325575310986e8b41805f860f844d01f1ca8a

Malware Config

Extracted

Family

formbook

C2

http://www.discorddeno.land/suod/

Decoy


Targets

    • Target

      CONT NO DFSU125310 products list.exe


    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook Payload

    • Suspicious use of SetThreadContext
