General

  • Target

    DaJvWffC23hWF2u.exe

  • Size

    639KB

  • Sample

    210421-6z7nqn7y3a

  • MD5

    cdf8f544d5a3375d7eebe902a3a3ba50

  • SHA1

    1c7fa4d7b221da27e3bddc0f0d494e77df359de5

  • SHA256

    a46f0189a9016e0af96bebed0e62fad7bbd7e6223ea036c0e6d2da4f9a04a6cc

  • SHA512

    5bb9a8da5bf437c9159999a50c158b41fc5d9878b61d29730539520c921c42976f4bd5446b6c8585dce975e94d535fdf6335bc33063fb610fefe26ff249f728b

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • C2

    http://www.sevenwhale.com/sdh/

  • Decoy

    yapayzekaokulu.net
    amazservices.com
    slfengyang.com
    khalijepars.com
    quailranchcollection.com
    xn--3h3b098b.com
    thebladebag.com
    iagogai.com
    grammypay.com
    sdcewrgrg.com
    xn--00x51ad76f.com
    wongtangstore5.host
    yashaxi.com
    newdavonhaimefoodbank.com
    garden-beach.com
    argebirlik.com
    redpentoken.com
    conversationexperiments.net
    wonderwithin.co
    salaandco.info

Targets

    • Target

      DaJvWffC23hWF2u.exe

    • Size

      639KB

    • MD5

      cdf8f544d5a3375d7eebe902a3a3ba50

    • SHA1

      1c7fa4d7b221da27e3bddc0f0d494e77df359de5

    • SHA256

      a46f0189a9016e0af96bebed0e62fad7bbd7e6223ea036c0e6d2da4f9a04a6cc

    • SHA512

      5bb9a8da5bf437c9159999a50c158b41fc5d9878b61d29730539520c921c42976f4bd5446b6c8585dce975e94d535fdf6335bc33063fb610fefe26ff249f728b

    • Formbook

      Formbook is an information-stealing malware family that harvests data from infected hosts.

    • Formbook Payload

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks