Overview

overview

10

Static

static

Bookibg Co...df.exe

windows7_x64

10

Bookibg Co...df.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Bookibg Confirmation_Pdf.exe

  • Size

    792KB

  • Sample

    210227-j5z59ftsj2

  • MD5

    f8ebfd07c19a299ac8da762992a3c36b

  • SHA1

    7ef77d36b5bc3ab145d6482396c9d73500083859

  • SHA256

    929a7bad454fe91b472f3cf802633eaab7c4673e55a9dc03ff820cedf8309251

  • SHA512

    5f0b71f880408f306ea267098f46b340538cf4529d9c8c2838694eef9047410bf0bbed1f2f11c5addf50eb94eb0029db87eb8730349d1a5b63603e06ab61ac2f

Score
10/10
formbookratspywarestealertrojan

Malware Config

Extracted

Family

formbook

C2

http://www.workonlinetimallen.com/dll/

Decoy

nyeconcreations.com

generar-k.com

refugiodelmate.com

elementclubhouse.com

freescorrs.xyz

tonesweettone.com

lojachicco.com

cyberxchange.net

strobelsolutions.com

tipsytravelerbar.com

shesheofnewyork.com

jdallmed.com

woefys.online

naviwatch.net

yuelvzuche.com

thehoneysuppliers.site

smokindeebflavors.com

preventvaccins.com

thepraisehouse.com

lgbtpridedirectory.com

Targets

    • Target

      Bookibg Confirmation_Pdf.exe

    • Size

      792KB

    • MD5

      f8ebfd07c19a299ac8da762992a3c36b

    • SHA1

      7ef77d36b5bc3ab145d6482396c9d73500083859

    • SHA256

      929a7bad454fe91b472f3cf802633eaab7c4673e55a9dc03ff820cedf8309251

    • SHA512

      5f0b71f880408f306ea267098f46b340538cf4529d9c8c2838694eef9047410bf0bbed1f2f11c5addf50eb94eb0029db87eb8730349d1a5b63603e06ab61ac2f

    Score
    10/10
    formbookratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook Payload

      rat

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1
T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks