General

  • Target

    CONT NO DFSU125310 products list.zip

  • Size

    581KB

  • Sample

    210226-mdqf9bfpv6

  • MD5

    5c0ea63f711971e55e0f1b85cc59751c

  • SHA1

    4ae3061bb471cce3dfdecffffce31a4fa3765276

  • SHA256

    844727f01eed9313452abb10cbc86485bdd0f2ba46d3e5fe7e3b87bd1c8a0e60

  • SHA512

    fa48873c8a07a391b48174e14186987842499b46d91056e24a0a2dfdd6d1865448ccd63557758a7bc69ac182c4722a45e8455b98cba7b4be47992e667e9fd021

Malware Config

Extracted

Family

formbook

C2

http://www.discorddeno.land/suod/

Decoy

casirivimab.info

johnvogia.com

lzdafang.com

tarihmarketi.com

singalongpress.com

three60farms.com

websky.pro

jacketsmecca.com

magentos6.com

brooksideseniorapts.com

onewhistleandflags.com

naturopathe-valdoise-france.com

reflexmem.com

kurumsalpanel.com

bhuwarecruitment.com

exponentialhealth.online

posttensionrepairs.com

prbrokerllc.com

aashealthcarestaffing.com

pubgeventcenter.com

Targets

    • Target

      CONT NO DFSU125310 products list.exe

    • Size

      1.0MB

    • MD5

      5a92c96663ac34dd87d73e789c27f610

    • SHA1

      46e21943df04f53eb175007c4bff3040619ae50b

    • SHA256

      9f38ade8e53d28eef33a81e0559b92b44fa878ae9b61fadd3bb245d33486e2c0

    • SHA512

      1bfb7176c5e9eeb2103a36760137fbe773d8b3170842e8e1e92a3b4629b140f93b4804a0198732a71924e0f4514325575310986e8b41805f860f844d01f1ca8a

    • Formbook

      Formbook is a data-stealing malware family (information stealer).

    • Formbook Payload

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks