General

  • Target: MAERSK Booking Confirmation_Pdf.ace
  • Size: 376KB
  • Sample: 210226-tkntfb4kwj
  • MD5: 5e8ecd542613d30a60fe5df05bb2dbf7
  • SHA1: b2ccbf266c84b81efb723778fd451322b5a50416
  • SHA256: a844e47ec2d8b3844c1d327be8628449dfe60cf7949accf7c86fca860dc33c7c
  • SHA512: 16fdd0721791f54dcbdf5797b94e4ea2a7daadd56b10574238e2eede6c04ec726d2f049225cf5cad3f009a6a65d39551afeb422091f9b2f2c996c7d45f0bc77c

Malware Config

Extracted

Family: formbook

C2: http://www.workonlinetimallen.com/dll/

Decoy

Targets

    • Target: MAERSK Booking Confirmation_Pdf.exe
    • Size: 498KB
    • MD5: 90277a5bab7cc82507c6c23244ac1507
    • SHA1: 1500a32d309247c7d91b6930be4e6ba3849740c4
    • SHA256: 528006e667ab91fe8d56f0207c97cdb763c0a9386abb1ab16746add4e7efdef8
    • SHA512: aa2b5674a3ab9240950ca6adbddfc7d2c5e3278d261ee9aed153d96d8deb4c6c4ca1a6ff8586b124250f03e8453537dcd2fc8be53d3f7930c90d1e98d0662af1
    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook Payload
    • Deletes itself
    • Suspicious use of SetThreadContext
