Overview

overview

10

Static

static

b57d3c5864...in.exe

windows7_x64

10

b57d3c5864...in.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5b.zip

  • Size

    680KB

  • Sample

    210505-h816gryeh6

  • MD5

    92dd951a685151d1f6643d09d0862789

  • SHA1

    b88132b7c92de28922b38f358c1cd97e3a099f8a

  • SHA256

    20fadf5fe385b80b6178b2e553bdb5b1bf8f7cc57140ab36cbd7c34099993e98

  • SHA512

    ff834c97200d3be8fd905ad49d7e4378aab4cd271e3ab4bc48d9ba8a5c889051a160718e037ee9259b8fb02e3bddac6933267b2562d20691a03a85525923ec0c

Score
10/10
formbookratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.glittergalsboutique.com/8buc/

Decoy

affiliatetraining101.com

sun5new.com

localstuffunlimited.store

getmrn.com

nipandtucknurse.com

companycreater.com

painfullyperfect.com

3dmobilemammo.com

theredbeegroup.net

loochaan.com

alanoliveiramkt.com

lxwzsh.com

twobookramblers.com

cscardinalmalula.net

hanarzr.com

sabaicp.com

foodprocessmedia.com

tirongroup.com

dcentralizedcloud.com

xn--80abnkzb2a.xn--p1acf

Targets

    • Target

      b57d3c5864e097f7de38ab9acce31c5d8f8c7619026c075592c2ca8e24078475.bin

    • Size

      717KB

    • MD5

      321c5fea0e0a4d9852c33ccb63ac6223

    • SHA1

      f89fc9d8aa077928f712e2d32cee177d5210fb5b

    • SHA256

      b57d3c5864e097f7de38ab9acce31c5d8f8c7619026c075592c2ca8e24078475

    • SHA512

      c25bae3b77ed2e4c730a4e44878151c687b5802767f18e8ea2f252588e4cc8fa3ceb0f74891c0296afae8ed4442447a3822ebf98b40518e5d9d37135f3ae0370

    Score
    10/10
    formbookratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook Payload

      rat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks