General

  • Target

    IMG_9539483238436245,jpg.exe

  • Size

    912KB

  • Sample

    210422-ab5lzfnh6x

  • MD5

    cb68abaabc06c778c17c75739d46f49c

  • SHA1

    4001f18d286f239b11894d70a4e223ddf789c465

  • SHA256

    b9ec25f02746e41791c31aa20c281f9a490a999962853f4b5122e94fb2f1aec2

  • SHA512

    43ccee3402df74e05a45b510d5f82ed6206fefb08e93c8bc1f6e2bac29cf23ddd472ff35e9ab5e6f3bdcbf93be13218420993f9dbe06d93ca06652a721a83bfd

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.supinapp.com/grv/

Decoy


Targets

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook Payload

    • Deletes itself

    • Suspicious use of SetThreadContext
