Overview

overview

10

Static

static

1

PI.exe

windows7_x64

10

PI.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    PI.exe

  • Size

    229KB

  • Sample

    210505-x7elgrvm5e

  • MD5

    faa85d608853f8f467909b19eac68daa

  • SHA1

    2eafec60349d9a3cefd12e031f2597ca21c279b3

  • SHA256

    c7b835a38f13c18350ba953a8f57f8c90a237804c377ba32d6fd212daa08e98c

  • SHA512

    c3ccd2494c336d7479ec4cd70dbe61900c3ff2c9882fee7f84314151e2682ef2b335da85e3df175bb04b39a4148f376a4f279ae9009a961ee66ba60b51f9eb00

Score
10/10
formbookratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.knighttechinca.com/dxe/

Decoy

sardarfarm.com

959tremont.com

privat-livecam.net

ansel-homebakery.com

joysupermarket.com

peninsulamatchmakers.net

northsytyle.com

radioconexaoubermusic.com

relocatingrealtor.com

desyrnan.com

onlinehoortoestel.online

enpointe.online

rvvikings.com

paulpoirier.com

shitarpa.net

kerneis.net

rokitreach.com

essentiallygaia.com

prestiged.net

fuerzaagavera.com

Targets

    • Target

      PI.exe

    • Size

      229KB

    • MD5

      faa85d608853f8f467909b19eac68daa

    • SHA1

      2eafec60349d9a3cefd12e031f2597ca21c279b3

    • SHA256

      c7b835a38f13c18350ba953a8f57f8c90a237804c377ba32d6fd212daa08e98c

    • SHA512

      c3ccd2494c336d7479ec4cd70dbe61900c3ff2c9882fee7f84314151e2682ef2b335da85e3df175bb04b39a4148f376a4f279ae9009a961ee66ba60b51f9eb00

    Score
    10/10
    formbookratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook Payload

      rat

    • Deletes itself

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks