Overview

overview

10

Static

static

MSUtbPjUGib2dvd.exe

windows7_x64

10

MSUtbPjUGib2dvd.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    MSUtbPjUGib2dvd.exe

  • Size

    733KB

  • Sample

    210503-1s8mkatgge

  • MD5

    2f7f29fe69e0b9bcd41c069689fd9cb5

  • SHA1

    eacd339fda8902c242a9831dac733ac4ef77d1ee

  • SHA256

    82a09751c8b51a1dc0aca4780015f833a2ef01ff6d3d5f2d98dcd588381bec82

  • SHA512

    3becde1b46a4f640899bd4286fb0ba892e4cfe24a3c4c2c1b6975628ad71f75abaceedde64f1e0d870f2224236287875bd8f394cfe362cb2bca7b7a9ee712f1f

Score
10/10
formbookratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.zmuoxb.com/ffy/

Decoy

kundk-gebaeudemanagement.com

theeconomicalmillennial.com

bigbuttdating.net

dauthomdubai.com

thesilverslipper.club

onwardmotionpictures.com

tl2009.com

nelivo.com

valuablebet.com

kupiokno-online.com

magnoot.xyz

blandiskodk.com

thevibes.net

tp-simogame.com

cigarettes-on-line.com

radiancebyreilly.com

1mame.net

fimimarket.com

cayupi.com

transperucorp.com

Targets

    • Target

      MSUtbPjUGib2dvd.exe

    • Size

      733KB

    • MD5

      2f7f29fe69e0b9bcd41c069689fd9cb5

    • SHA1

      eacd339fda8902c242a9831dac733ac4ef77d1ee

    • SHA256

      82a09751c8b51a1dc0aca4780015f833a2ef01ff6d3d5f2d98dcd588381bec82

    • SHA512

      3becde1b46a4f640899bd4286fb0ba892e4cfe24a3c4c2c1b6975628ad71f75abaceedde64f1e0d870f2224236287875bd8f394cfe362cb2bca7b7a9ee712f1f

    Score
    10/10
    formbookratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook Payload

      rat

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks