Overview

overview

10

Static

static

106ada585d...78.exe

windows7_x64

10

106ada585d...78.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    106ada585df884b13cd6a8a71e404c78.exe

  • Size

    706KB

  • Sample

    210504-bmlwnmxnqj

  • MD5

    106ada585df884b13cd6a8a71e404c78

  • SHA1

    470e8dd108972fe65c027b9d4856aa365b69fd9e

  • SHA256

    612d1888d98714893e69c4649a46a990c9c26367834d5be5afc05df15e913572

  • SHA512

    aa354154c552b5ea442a980a00abd64691caf30c73bc5bfc97846c0ad394ce4e829308b99642d09ad9d2843feda689770614116092210541655b66aafc2defb2

Score
10/10
formbookratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.mvcsecrets.com/op9s/

Decoy

uscoser.club

gustrad.com

sowftwer.com

psychicpatrol.com

lmouowgoaa.com

riandmoara.com

sushigardentogo.com

cannabimall.com

ecolodgesworld.com

mysandboxcsp.com

coxsmobility.com

sfs-distribution.info

tymict.com

u-bahn.online

chrisjohnsondrums.com

comfyscoffee.com

eastwoodlearningcenter.com

a-authenticate.com

greatroyalspices.com

legalparaprofessionalonline.com

Targets

    • Target

      106ada585df884b13cd6a8a71e404c78.exe

    • Size

      706KB

    • MD5

      106ada585df884b13cd6a8a71e404c78

    • SHA1

      470e8dd108972fe65c027b9d4856aa365b69fd9e

    • SHA256

      612d1888d98714893e69c4649a46a990c9c26367834d5be5afc05df15e913572

    • SHA512

      aa354154c552b5ea442a980a00abd64691caf30c73bc5bfc97846c0ad394ce4e829308b99642d09ad9d2843feda689770614116092210541655b66aafc2defb2

    Score
    10/10
    formbookratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook Payload

      rat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks