General

  • Target

    RFQ.exe

  • Size

    845KB

  • Sample

    210430-38qm25m34x

  • MD5

    90064098dcdf665a8affc5825e4e7815

  • SHA1

    81adbb9921401a4bb567f665d3dabeff61278a04

  • SHA256

    9ca276f44ec7a1e4745a4d880072d374fd6db44efb6e9c2b44e80cfcf0274472

  • SHA512

    e01a5d638e81a9665e49743229f2194b3201832e50855ce1c4a701985c0902ed4e21954d4afab1d1f99c348461eeb58121b7d2b0a05f9ce53abc4190d9382f79

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • C2

    http://www.consultinggroupwv.com/ple/

  • Decoy

    antibuildshop.com
    saveyourgrandchildren.com
    nelivo.com
    skatelife.net
    shiftingbaba.com
    5daykitchen.contractors
    influenciadoradesucesso.com
    fuutu.com
    mejor-producto.com
    xianqianbao99.com
    uq6eik5mo4.com
    kn-security.com
    dangerouslyme.com
    whmznx.club
    teteperformance.com
    gospelofrecovery.com
    lakidsacting.com
    halojabar.com
    easytolovehardtodefine.com
    safeairseal.com

Targets

    • Target

      RFQ.exe

    • Size

      845KB

    • MD5

      90064098dcdf665a8affc5825e4e7815

    • SHA1

      81adbb9921401a4bb567f665d3dabeff61278a04

    • SHA256

      9ca276f44ec7a1e4745a4d880072d374fd6db44efb6e9c2b44e80cfcf0274472

    • SHA512

      e01a5d638e81a9665e49743229f2194b3201832e50855ce1c4a701985c0902ed4e21954d4afab1d1f99c348461eeb58121b7d2b0a05f9ce53abc4190d9382f79

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook Payload

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks