Overview

overview

10

Static

static

1

PO.exe

windows7_x64

10

PO.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    PO.gz

  • Size

    213KB

  • Sample

    210505-6xq72v9d5x

  • MD5

    4646daf29bcf6c9e54388dce8336bbf8

  • SHA1

    b167a5029ddb68822eb0c297cda2f0a41408ee8c

  • SHA256

    e790d3b335685462e33550be9839373d1a52c0f3048aafaf9ff9bcdcd4a721a6

  • SHA512

    e8a3cc71dcc63db6584fce59fe36f3c0b70cedd2522bd1eead7a31e2b26e33ff480a150016013cb32e0232d3202f3f15297702706e08d170ad2b8410cffdba19

Score
10/10
formbookratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.knighttechinca.com/dxe/

Decoy

sardarfarm.com

959tremont.com

privat-livecam.net

ansel-homebakery.com

joysupermarket.com

peninsulamatchmakers.net

northsytyle.com

radioconexaoubermusic.com

relocatingrealtor.com

desyrnan.com

onlinehoortoestel.online

enpointe.online

rvvikings.com

paulpoirier.com

shitarpa.net

kerneis.net

rokitreach.com

essentiallygaia.com

prestiged.net

fuerzaagavera.com

Targets

    • Target

      PO.exe

    • Size

      228KB

    • MD5

      2593eef7b38e160b9697f2479fa8843f

    • SHA1

      25d4d88f321321fb5b2b316fd5dbcd5bb144daa1

    • SHA256

      b35de004189f271fe754dd614e5fbbc299425f5aca9ebf1f935bf26696964853

    • SHA512

      c5beb57aae9c18ca5d7d73954216abc6a07871666d08a654d7b5d8e1d25b0defe9ca66eee77325bed03870a39757c85df13f868472447369bd2903ba05336a21

    Score
    10/10
    formbookratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook Payload

      rat

    • Deletes itself

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks