Overview

overview

10

Static

static

PO#560.zip.exe

windows7_x64

10

PO#560.zip.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    PO#560.zip.exe

  • Size

    913KB

  • Sample

    210408-f2hzc2r8bj

  • MD5

    225f5938273f006356fd813e46e3fcef

  • SHA1

    347cd34fd095ae8f843ee436dde5043bba8fb192

  • SHA256

    69a395d24a3536ef7698ae036596bed55856d4777356946f498faec3f1395f8d

  • SHA512

    a6b9d13ea56e7e22abb484de6c4d5b53b7dc645e23327c9b45d20ce872408d3a9c9c93bdf540e39dd3c4a0206f7fc5008edff5787fad1b2674ebe3e060bbfb9c

Score
10/10
formbookratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.talllensphotography.com/md5/

Decoy

gnd3.com

thedrata.com

carbeloy.com

impactpittsburg.com

sussage.com

mikespencil.com

ghoshtechno.com

partnermassagetherapy.com

nagago.asia

parkviee.com

kichisanpo.com

awbaviation.com

shopvibeup.com

ab-alamode.com

cash4homesutah.com

funbrushstrokes.com

adeleycar.com

actsbooking.com

rojorodi.icu

fleurdelyscantho.com

Targets

    • Target

      PO#560.zip.exe

    • Size

      913KB

    • MD5

      225f5938273f006356fd813e46e3fcef

    • SHA1

      347cd34fd095ae8f843ee436dde5043bba8fb192

    • SHA256

      69a395d24a3536ef7698ae036596bed55856d4777356946f498faec3f1395f8d

    • SHA512

      a6b9d13ea56e7e22abb484de6c4d5b53b7dc645e23327c9b45d20ce872408d3a9c9c93bdf540e39dd3c4a0206f7fc5008edff5787fad1b2674ebe3e060bbfb9c

    Score
    10/10
    formbookratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook Payload

      rat

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks