Overview

overview

10

Static

static

1

SHIPPING DOCUMENT.exe

windows7_x64

10

SHIPPING DOCUMENT.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SHIPPING DOCUMENT.exe

  • Size

    229KB

  • Sample

    210505-dn5wzxznvs

  • MD5

    2a7d9a26f63de29bbf21016b055560b1

  • SHA1

    8110d53cc373121512c1fb90c4ce12fedc07803a

  • SHA256

    2a728511ab345b4207ea5959439df12205796548388cc170b427110f9cc247dd

  • SHA512

    4bb88aaa2c8f9d8d3ecbc53910b20c1eb121222f31503792196cac567f640125e75e92c99147732d24db24ae7d81f01a0fca7c1ba3627a1565c9702e89303cc3

Score
10/10
formbookratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.knighttechinca.com/dxe/

Decoy

sardarfarm.com

959tremont.com

privat-livecam.net

ansel-homebakery.com

joysupermarket.com

peninsulamatchmakers.net

northsytyle.com

radioconexaoubermusic.com

relocatingrealtor.com

desyrnan.com

onlinehoortoestel.online

enpointe.online

rvvikings.com

paulpoirier.com

shitarpa.net

kerneis.net

rokitreach.com

essentiallygaia.com

prestiged.net

fuerzaagavera.com

Targets

    • Target

      SHIPPING DOCUMENT.exe

    • Size

      229KB

    • MD5

      2a7d9a26f63de29bbf21016b055560b1

    • SHA1

      8110d53cc373121512c1fb90c4ce12fedc07803a

    • SHA256

      2a728511ab345b4207ea5959439df12205796548388cc170b427110f9cc247dd

    • SHA512

      4bb88aaa2c8f9d8d3ecbc53910b20c1eb121222f31503792196cac567f640125e75e92c99147732d24db24ae7d81f01a0fca7c1ba3627a1565c9702e89303cc3

    Score
    10/10
    formbookratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook Payload

      rat

    • Deletes itself

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks