General

  • Target

    _PI.gz

  • Size

    692KB

  • Sample

    210423-edtdv7nr6e

  • MD5

    a51dd9a68a95cdcc18e1fc4c9dd32e80

  • SHA1

    0fad6b82e2fe7667287f2db60c65ca6e38d95015

  • SHA256

    5b03193577fcef8a56df4c9a781c91eef18dc3aed4db5b292c03a6deb31ed856

  • SHA512

    60b82a4d28d847032ee1564e5fdc810a1d1c3e707e0c8092eb07aba90cebd131090e7f002f4829e70b978b1c94371754427675bd82754e3a51d0521844ce10bf

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • C2

    http://www.middlehambooks.com/klf/

  • Decoy

    podcastyourvote.com
    northernlsx.com
    guide4idiots.com
    artebythesea.com
    sapanyc.com
    livinoutthedreamsco.com
    thepowersinyou.com
    protocolmodern.com
    holdergear.com
    betteringthehumanexperience.xyz
    agnostec.com
    royermaldonado.com
    wealthtruckingco.com
    artcode-software.com
    microsoftpods.com
    identityofplace.com
    algoritas.com
    grandpaurbanfarm.net
    zahidibr.com
    flawlessdrinking.com

Targets

    • Target

      PI.exe

    • Size

      893KB

    • MD5

      2c2689d8df4d2bcfa0ed7ec258dd2995

    • SHA1

      b709bf1f74f0788bf531f6456377de5f11d3cbad

    • SHA256

      347d1f815da2688725cc8fe7bfa9cc5369800b8d30bcddce7ac4bc6a21f972e7

    • SHA512

      bad3421f762bf2376b9f8414008d8fe427612afcef7b202c31baed0d93e46ef19bcb67696a950438aedb0f4fee491f274fccc1c4d47262e4af60f81ba5e52ee9

    • Formbook

      Formbook is a data-stealing (infostealer) malware family.

    • Formbook Payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks