General

  • Target

    w73FtMA4ZTl9NFm.exe

  • Size

    762KB

  • Sample

    210504-rpky9kv746

  • MD5

    ff44bfe6955f4d11f915b4a0b818fc7c

  • SHA1

    3e094caff011346ad02aeafcb5769a519cf10dc0

  • SHA256

    929fd55e632471f4f35295e574c6814a3de9662398b7a606e352ecba9c52de7e

  • SHA512

    f4ee80c0bb0bae5532b880ffa704d8d99f06c0c6b3699b95be3e802347345b7cc62251ff16a0a1023303a1a72f987d39be271579652c0364485a82e7e2ab649d

Malware Config (Extracted)

  • Family

    formbook

  • Version

    4.1

  • C2

    http://www.naiping8.com/blm/

  • Decoy

    basilaws.com
    laesses.com
    isematsudai.com
    cafperfect.com
    listocalistoanimation.com
    bikesofthefuture.com
    sweette.com
    instagramhelpsnow.com
    wuxians.com
    canadianpayday.loans
    tiklaulan.xyz
    marketingbuddhi.com
    centrocaninopochs.com
    doodletrends.com
    praiship.com
    alghuta.com
    kompramania.com
    thenewdawncompany.com
    shopthegoodbar.com
    emergencyuavsolutions.com

Targets

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook Payload

    • Suspicious use of SetThreadContext
