Overview

overview

10

Static

static

akon.exe

windows7_x64

10

akon.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    akon.exe

  • Size

    756KB

  • Sample

    210507-cqsrl8b7xe

  • MD5

    0690de55a2a4081dd2ebc1f658bba4da

  • SHA1

    e4952f3e5cb0c877c682678dbee181a8c737df28

  • SHA256

    8bb3e6cace7598576464639d7f88d0c4d55919b2e110a341df89a1569ae0d5b7

  • SHA512

    94576e743a774e30fbe40053d06c3d4ad8c4c2e421297bcae108a780713da45bf24487a541fbb1b706d0855a69d6883b68f2ec06be9bd2032e72a77d96ecf5c9

Score
10/10
formbookratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.merifalls.com/4kx/

Decoy

eufood.info

theprotestmatters.com

khauchakhajina.com

008usa-xxf.com

backriverroadsportsplex.com

shopalndrinks.com

necght.xyz

summaryborrow.info

mys518.com

shopapemodeapparel.com

christineroseartiste.com

rsw2226.com

ashes-of-creation.com

shamilalyadin.com

learning-synergy.com

sendstats.net

waverdemo.tech

dubestol.com

bolterbunny.com

beerciderrebattes.com

Targets

    • Target

      akon.exe

    • Size

      756KB

    • MD5

      0690de55a2a4081dd2ebc1f658bba4da

    • SHA1

      e4952f3e5cb0c877c682678dbee181a8c737df28

    • SHA256

      8bb3e6cace7598576464639d7f88d0c4d55919b2e110a341df89a1569ae0d5b7

    • SHA512

      94576e743a774e30fbe40053d06c3d4ad8c4c2e421297bcae108a780713da45bf24487a541fbb1b706d0855a69d6883b68f2ec06be9bd2032e72a77d96ecf5c9

    Score
    10/10
    formbookratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook Payload

      rat

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks