Overview

overview

10

Static

static

8

556791.msi

windows7_x64

10

556791.msi

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    556791.msi

  • Size

    252KB

  • Sample

    210507-zrerlqwq52

  • MD5

    04d6b8269105608ef9a560927dc3a9fa

  • SHA1

    80f9a44457b63b766ce26acfb69676a402c2b838

  • SHA256

    dd3ecf0b5a39b287ba63687fe12ff1f1fcdde34adf0f3e30f7990ebc158347d8

  • SHA512

    5e3b4db37438d9cc3591867ad38d1d7d9c1cb24b13ce2a798a7a1c8627ef64c157241d734067446f3ef4856ca5513db3d61c17ea030bca9361e01fb0fcdb31d2

Score
10/10
formbookmacroratspywarestealertrojanxlm

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.111bjs.com/ccr/

Decoy

abdullahlodhi.com

jevya.com

knoxvillerestaurant.com

mekarauroko7389.com

cricketspowder.net

johannchirinos.com

orangeorganical.com

libero-tt.com

lorenaegianluca.com

wintab.net

modernmillievintage.com

zgdqcyw.com

jeffabildgaardmd.com

nurulfikrimakassar.com

findyourchef.com

innovationsservicegroup.com

destek-taleplerimiz.com

whfqqco.icu

kosmetikmadeingermany.com

dieteticos.net

Targets

    • Target

      556791.msi

    • Size

      252KB

    • MD5

      04d6b8269105608ef9a560927dc3a9fa

    • SHA1

      80f9a44457b63b766ce26acfb69676a402c2b838

    • SHA256

      dd3ecf0b5a39b287ba63687fe12ff1f1fcdde34adf0f3e30f7990ebc158347d8

    • SHA512

      5e3b4db37438d9cc3591867ad38d1d7d9c1cb24b13ce2a798a7a1c8627ef64c157241d734067446f3ef4856ca5513db3d61c17ea030bca9361e01fb0fcdb31d2

    Score
    10/10
    formbookratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook Payload

      rat

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks