Overview

overview

10

Static

static

1

Order Euro...00.exe

windows7_x64

10

Order Euro...00.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Order Euro 890,000.exe

  • Size

    393KB

  • Sample

    210507-2grvtkqbax

  • MD5

    972c8502ec6351a57fa5ae84fd39e185

  • SHA1

    ea02ba185facd60978f365dae414326e920ec5a7

  • SHA256

    1893345e891ce74b4cfd82071d82f7566e3c44d8bf0e7a33f4207aa8d941632c

  • SHA512

    ecde556d4c6e769dcc6b81eddc507f3018387e3d017edf2df26e7432140765e97621e7e297f9a16b4cf921d2a52f44d4c82c7114616f6eb6f86164549929e893

Score
10/10
formbookratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.owcbangalore.club/nbg/

Decoy

yogabaydioxil.xyz

ngdnwgtse.club

tsusocialisback.com

racialfires.com

sotomatch.com

tourdelacey.com

gracefullygiven.com

hyggespaceco.com

kinohhooite7.site

labellebrune.com

maniupwithapril.com

superstitionintuition.com

cuidao.net

cavitefreewifi.com

cortex-link.com

plantasmarketing.com

greenpower247.com

lemonaster.com

impact-health.com

winyourmillion.com

Targets

    • Target

      Order Euro 890,000.exe

    • Size

      393KB

    • MD5

      972c8502ec6351a57fa5ae84fd39e185

    • SHA1

      ea02ba185facd60978f365dae414326e920ec5a7

    • SHA256

      1893345e891ce74b4cfd82071d82f7566e3c44d8bf0e7a33f4207aa8d941632c

    • SHA512

      ecde556d4c6e769dcc6b81eddc507f3018387e3d017edf2df26e7432140765e97621e7e297f9a16b4cf921d2a52f44d4c82c7114616f6eb6f86164549929e893

    Score
    10/10
    formbookratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook Payload

      rat

    • Deletes itself

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks