General

  • Target: 0282fb6d3422cdebf88ba2d9ce0831af.exe
  • Size: 751KB
  • Sample: 210506-kcrre6v3zx
  • MD5: 0282fb6d3422cdebf88ba2d9ce0831af
  • SHA1: f0c80f1d6ace27df947df38aae7b11ed4b6d7144
  • SHA256: 4fb3bfa3afd4fd027aff55a6cbbc8c3d92fb5dd84bca9d88ff893928a41b9a0a
  • SHA512: ab8df1a2b5feb03c0df351a215d6e9bb16c3b92853aab0fe7c96308fa94e1eefc362a23cff5e61da2a3e93f28e44a9954b23e363ff6dbc72ac90da95c5f8e6de

Malware Config

Extracted

  • Family: formbook
  • Version: 4.1
  • C2: http://www.projectx-dev.net/hci/
  • Decoy:


Targets


    • Formbook: Formbook is a data-stealing malware family.
    • Formbook Payload
    • Suspicious use of SetThreadContext
