General

  • Target

    FACTURA.exe

  • Size

    611KB

  • Sample

    210430-3e32s7vafa

  • MD5

    41139206c15e8c61c27ca43e3192bc8e

  • SHA1

    02c15c14a3a0b5820ab4ed2bfd69ac91e657dd54

  • SHA256

    7e9e2f374b11dfa16e25e0d4097f977a521534e43007de1abc91a2231445f827

  • SHA512

    ae46e0e1127aeaf9ce9f9d8cd2e20215b443d5b27f19ec250c084bb5f27d2b5dae943cbe0b5deacb71f765ff64c08de4a07b7066a14cc4e40f89dc8c9bafa40e

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.middlehambooks.com/klf/

Decoy

podcastyourvote.com

northernlsx.com

guide4idiots.com

artebythesea.com

sapanyc.com

livinoutthedreamsco.com

thepowersinyou.com

protocolmodern.com

holdergear.com

betteringthehumanexperience.xyz

agnostec.com

royermaldonado.com

wealthtruckingco.com

artcode-software.com

microsoftpods.com

identityofplace.com

algoritas.com

grandpaurbanfarm.net

zahidibr.com

flawlessdrinking.com

Targets

    • Target

      FACTURA.exe

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook Payload

    • Deletes itself

    • Suspicious use of SetThreadContext
