General

  • Target

    GZocMWoCzL3Rd62.exe

  • Size

    776KB

  • Sample

    210508-1zje7e5z4j

  • MD5

    7fa5e34cdc678f80f7086dae5da6c932

  • SHA1

    17a328e171beeaeb9cbf2c6fae4d1767c4f859bf

  • SHA256

    de96d53592393fa5cd5dc6ed2d8d9430245ac083643591b6f060a4efc2e044d6

  • SHA512

    e45190526be45344626a8cc4d769118927f3eab017e3a631c5d9dd34a8fbdcdce4719f54704cfef10b91980e83a667c09178b366ac48b6d4f1ceecac832ce017

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.itoatoapparel.com/hfg/

Decoy


Targets

    • Target

      GZocMWoCzL3Rd62.exe


    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook Payload

    • Deletes itself

    • Suspicious use of SetThreadContext
