General

  • Target

    Bookibg Confirmation_Pdf.ace

  • Size

    526KB

  • Sample

    210227-gnqh8xs5ys

  • MD5

    6c38e9ffb7f9df7b54f59c52de38ff3d

  • SHA1

    bba421c3b8e83fc455c63d89a4ebdecc1104c9db

  • SHA256

    3a836df9b4e1f719120bdd40cef8893f91224bf2e685308218c38c2ff2c112f7

  • SHA512

    d784d814ab6f1c7b18c92d42e4e710b5625087a047ceb4308372f15d6bb1d8c75108a057618ee2512bc61e330661d17254311b4791b3fda5bb807df60144339e

Malware Config

Extracted

Family

formbook

C2

http://www.workonlinetimallen.com/dll/

Decoy

nyeconcreations.com

generar-k.com

refugiodelmate.com

elementclubhouse.com

freescorrs.xyz

tonesweettone.com

lojachicco.com

cyberxchange.net

strobelsolutions.com

tipsytravelerbar.com

shesheofnewyork.com

jdallmed.com

woefys.online

naviwatch.net

yuelvzuche.com

thehoneysuppliers.site

smokindeebflavors.com

preventvaccins.com

thepraisehouse.com

lgbtpridedirectory.com
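The extracted config above is what a responder would turn into network indicators, and the distinction between the C2 entry and the Decoy list matters: Formbook ships a long list of domains and only one of them is the real C2, the rest being cover traffic that often points at legitimate sites. The following is an added example (not part of the sandbox report) that parses the report's flat Family/C2/Decoy listing, derives host and path indicators, and triages proxy log lines so that a request to the C2 host on the configured `/dll/` path is reported as a high-confidence hit while a request to a decoy domain is only noted for review. The log lines are constructed for the example; the log format, the helper names and the single-C2 assumption are mine, not the report's.

```python
import re
from urllib.parse import urlparse

# Config text in the sandbox's flat layout. The C2 URL and the decoy domains
# below are copied from the report (decoy list truncated to a few entries).
CONFIG_TEXT = """
Family
formbook
C2
http://www.workonlinetimallen.com/dll/
Decoy
nyeconcreations.com
generar-k.com
refugiodelmate.com
elementclubhouse.com
freescorrs.xyz
"""

# Constructed proxy log lines (not from the report): "client method url".
LOG_LINES = [
    "10.0.0.5 GET http://www.workonlinetimallen.com/dll/?Rk=abc123&9D=def",
    "10.0.0.5 POST http://www.workonlinetimallen.com/dll/",
    "10.0.0.7 GET http://refugiodelmate.com/index.html",
    "10.0.0.9 GET http://example.com/",
    "10.0.0.5 GET http://www.workonlinetimallen.com/other/",
]

LOG_RE = re.compile(r"^(\S+)\s+(GET|POST)\s+(\S+)$")


def parse_config(text):
    """Parse the 'Family / C2 / Decoy' listing into a dict of lists."""
    cfg = {"family": None, "c2": [], "decoy": []}
    section = None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if line in ("Family", "C2", "Decoy"):
            section = line.lower()
            continue
        if section == "family":
            cfg["family"] = line
        elif section == "c2":
            cfg["c2"].append(line)
        elif section == "decoy":
            cfg["decoy"].append(line)
    return cfg


def normalise_host(host):
    """Lower-case, drop a trailing dot and a leading 'www.' so the C2 URL's
    host and a bare decoy domain compare the same way."""
    host = host.lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def build_indicators(cfg):
    """Return ({c2_host: c2_path}, {decoy_host, ...})."""
    c2 = {}
    for url in cfg["c2"]:
        u = urlparse(url)
        c2[normalise_host(u.hostname or "")] = u.path  # e.g. "/dll/"
    decoy = {normalise_host(d) for d in cfg["decoy"]}
    return c2, decoy


def triage(lines, c2, decoy):
    """Return (client, verdict, host) for each line that touches an indicator.

    verdict: 'c2'      - C2 host on the configured path (high confidence)
             'c2-host' - C2 host, different path (investigate)
             'decoy'   - decoy domain only (informational; often legitimate)
    """
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        client, _method, url = m.groups()
        u = urlparse(url)
        host = normalise_host(u.hostname or "")
        if host in c2:
            verdict = "c2" if u.path == c2[host] else "c2-host"
        elif host in decoy:
            verdict = "decoy"
        else:
            continue
        findings.append((client, verdict, host))
    return findings


if __name__ == "__main__":
    c2_map, decoys = build_indicators(parse_config(CONFIG_TEXT))
    for client, verdict, host in triage(LOG_LINES, c2_map, decoys):
        print(f"{verdict:8} {client:10} {host}")
```

Only the `c2` verdict is worth an automatic block; a `decoy` hit on its own says nothing about the client, because the same domains appear in every Formbook build of this campaign and are usually unrelated businesses. Match on host plus path rather than the bare domain, since Formbook beacons to the exact path in the config (`/dll/` here), and a hit on the host with some other path deserves a look but not the same confidence.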

Targets

    • Target

      Bookibg Confirmation_Pdf.exe

    • Size

      792KB

    • MD5

      f8ebfd07c19a299ac8da762992a3c36b

    • SHA1

      7ef77d36b5bc3ab145d6482396c9d73500083859

    • SHA256

      929a7bad454fe91b472f3cf802633eaab7c4673e55a9dc03ff820cedf8309251

    • SHA512

      5f0b71f880408f306ea267098f46b340538cf4529d9c8c2838694eef9047410bf0bbed1f2f11c5addf50eb94eb0029db87eb8730349d1a5b63603e06ab61ac2f

    • Formbook

      Formbook is an information-stealing malware: it injects into running processes, logs keystrokes and harvests credentials and form data from browsers and other applications, then sends the stolen data to its C2. The extracted config above gives that C2 (the /dll/ path on the listed host); the remaining domains are decoys that the malware contacts as cover traffic.

    • Formbook Payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks