Overview

overview

10

Static

static

126-21-11HAR.exe

windows7_x64

10

126-21-11HAR.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    126-21-11HAR.exe

  • Size

    755KB

  • Sample

    210503-escg8h3wka

  • MD5

    778ae4319d1ec2798e51ca69f0be2e30

  • SHA1

    99d9fa2fc2721ce77c83f57415c1d18ff3e7fc2c

  • SHA256

    3aaa7c7c8d2fd8bba13c2a6a51dc70ec8e95cb1af76d474454b19d45ad414f4d

  • SHA512

    aeaab0c1b4c0728df6a875a005677b3b1dc75ee3c7f0df4475919ea59439a50f5997e00d9ee87442bc0b0e23c0b203533f3fc9c7dd3c2a7d792ec42544809f15

Score
10/10
formbookratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.kelurahanpatikidul.xyz/op9s/

Decoy

playsystems-j.one

exchange.digital

usaleadsretrieval.com

mervegulistanaydin.com

heavythreadclothing.com

attorneyperu.com

lamuerteesdulce.com

catxirulo.com

willowrunconnemaras.com

laospecial.com

anchotrading.com

mycreditebook.com

jiujiu.plus

juniperconsulting.site

millionairsmindset.com

coronaviruscuredrugs.com

services-office.com

escanaim.com

20svip.com

pistonpounder.com

Targets

    • Target

      126-21-11HAR.exe

    • Size

      755KB

    • MD5

      778ae4319d1ec2798e51ca69f0be2e30

    • SHA1

      99d9fa2fc2721ce77c83f57415c1d18ff3e7fc2c

    • SHA256

      3aaa7c7c8d2fd8bba13c2a6a51dc70ec8e95cb1af76d474454b19d45ad414f4d

    • SHA512

      aeaab0c1b4c0728df6a875a005677b3b1dc75ee3c7f0df4475919ea59439a50f5997e00d9ee87442bc0b0e23c0b203533f3fc9c7dd3c2a7d792ec42544809f15

    Score
    10/10
    formbookratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook Payload

      rat

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks