General

  • Target

    Confirm!!!.exe

  • Size

    1.1MB

  • Sample

    210509-4br2bg2pg6

  • MD5

    7afd3b350ea6451b47be2058c07365de

  • SHA1

    8186d625b6f406d71a27aa8ef51f52902c5c26f0

  • SHA256

    540021aa05d8985bf6eca783d86cdada2727b5ed0b1a943cb9cdfb224a4e50f1

  • SHA512

    02a7ec42b3d9c9f6e6b1538406b08fccd1a661c05d62b89a211443bad25acf520d78711906009f1215647971e6d7e8a65fddbe06efcc32c438e0b7e8b53d34d1

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.deuxus.com/t052/

Decoy

ladybug-learning.com

unforgottenstory.com

oldmopaiv.xyz

natashaexim.com

hannahmcelgunn.com

retargetingmachines.info

njoconline.com

unicornlankadelivery.com

giftkerala.com

englishfordoctors.online

schatzilandrvresort.com

brujoisaac.com

basiccampinggear.com

escapees.today

dgyxsy888.com

stevebana.xyz

mimozakebap.com

ezdoff.com

pluumyspalace.com

shaoshanshan.com
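The config above is most useful when the C2 and the decoy list are separated. Formbook beacons to a single real C2 hidden among decoy domains that are otherwise legitimate sites, so a bare hit on a decoy domain is weak evidence while a request to the C2 host under the panel path is strong evidence. The following Python is an added worked example, not part of the sandbox report: it takes the extracted values verbatim, classifies proxy-log URLs against them, and decides which internal hosts deserve escalation. The log line format and the sample lines are constructed for the demonstration; treating a decoy-domain request that carries the `/t052/` path as a beacon is this editor's assumption from Formbook's documented behaviour, not something the report states.

```python
"""Match the Formbook network IOCs from the extracted config against web-proxy
logs. Added example; the log format and SAMPLE_LOG lines are constructed."""

from dataclasses import dataclass
from urllib.parse import urlsplit

# Copied verbatim from the "Malware Config" section of the report.
FORMBOOK_C2 = "http://www.deuxus.com/t052/"
FORMBOOK_DECOYS = frozenset({
    "ladybug-learning.com", "unforgottenstory.com", "oldmopaiv.xyz",
    "natashaexim.com", "hannahmcelgunn.com", "retargetingmachines.info",
    "njoconline.com", "unicornlankadelivery.com", "giftkerala.com",
    "englishfordoctors.online", "schatzilandrvresort.com", "brujoisaac.com",
    "basiccampinggear.com", "escapees.today", "dgyxsy888.com",
    "stevebana.xyz", "mimozakebap.com", "ezdoff.com", "pluumyspalace.com",
    "shaoshanshan.com",
})
C2_PATH = urlsplit(FORMBOOK_C2).path  # "/t052/", the panel path


def _registered_host(url: str) -> str:
    """Lower-case hostname of a URL with a leading 'www.' dropped."""
    host = (urlsplit(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host


def classify_url(url: str) -> str:
    """Classify one requested URL against the extracted config.

    c2            real C2 host and the panel path: high confidence
    c2_host       real C2 host, other path: still worth a look
    decoy_beacon  decoy domain requested with the panel path (assumption: Formbook
                  sends the same requests to decoys as to the C2; not in the report)
    decoy         decoy domain without the panel path: may be ordinary browsing
    clean         nothing from the config matched
    """
    host = _registered_host(url)
    path = urlsplit(url).path or "/"
    if host == _registered_host(FORMBOOK_C2):
        return "c2" if path.startswith(C2_PATH) else "c2_host"
    if host in FORMBOOK_DECOYS:
        return "decoy_beacon" if path.startswith(C2_PATH) else "decoy"
    return "clean"


@dataclass(frozen=True)
class Hit:
    src_ip: str
    url: str
    verdict: str


def scan_proxy_log(lines) -> list[Hit]:
    """Parse constructed lines '<ts> <src_ip> <method> <url> <status>' and keep
    every request that matched something in the config."""
    hits = []
    for raw in lines:
        fields = raw.split()
        if len(fields) < 5:
            continue  # malformed line: skip it rather than abort the scan
        _ts, src_ip, _method, url, _status = fields[:5]
        verdict = classify_url(url)
        if verdict != "clean":
            hits.append(Hit(src_ip, url, verdict))
    return hits


def hosts_to_escalate(hits, min_decoy_beacons: int = 2) -> set[str]:
    """Source IPs worth an incident: any contact with the C2 host, or panel-path
    requests to at least `min_decoy_beacons` distinct decoy domains (the
    rotating-beacon pattern). Decoy-only browsing does not qualify."""
    escalate = {h.src_ip for h in hits if h.verdict in ("c2", "c2_host")}
    beacon_domains: dict[str, set[str]] = {}
    for h in hits:
        if h.verdict == "decoy_beacon":
            beacon_domains.setdefault(h.src_ip, set()).add(_registered_host(h.url))
    escalate |= {ip for ip, doms in beacon_domains.items() if len(doms) >= min_decoy_beacons}
    return escalate


# Constructed proxy-log lines for the demonstration (not real traffic).
SAMPLE_LOG = [
    "2021-05-09T10:12:01Z 10.0.0.17 GET http://www.deuxus.com/t052/?ig=1f3a 200",
    "2021-05-09T10:12:03Z 10.0.0.17 POST http://www.giftkerala.com/t052/ 404",
    "2021-05-09T10:12:05Z 10.0.0.17 GET http://www.escapees.today/t052/?ig=77bc 200",
    "2021-05-09T10:12:09Z 10.0.0.42 GET https://giftkerala.com/ 200",
    "2021-05-09T10:12:11Z 10.0.0.42 GET https://www.example.com/index.html 200",
    "garbage line",
]

if __name__ == "__main__":
    found = scan_proxy_log(SAMPLE_LOG)
    for h in found:
        print(f"{h.verdict:13} {h.src_ip:10} {h.url}")
    print("escalate:", sorted(hosts_to_escalate(found)))
```

Run as-is and 10.0.0.17 is escalated (C2 contact plus panel-path requests to two decoys), while 10.0.0.42, which only visited a decoy domain's front page, is not. Matching on host plus path rather than on the decoy domains alone is the point: blocking or alerting on all twenty decoys would generate noise from legitimate users of those sites.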

Targets

    • Target

      Confirm!!!.exe

    • Size

      1.1MB

    • MD5

      7afd3b350ea6451b47be2058c07365de

    • SHA1

      8186d625b6f406d71a27aa8ef51f52902c5c26f0

    • SHA256

      540021aa05d8985bf6eca783d86cdada2727b5ed0b1a943cb9cdfb224a4e50f1

    • SHA512

      02a7ec42b3d9c9f6e6b1538406b08fccd1a661c05d62b89a211443bad25acf520d78711906009f1215647971e6d7e8a65fddbe06efcc32c438e0b7e8b53d34d1

    • Formbook

      Formbook is a commodity information stealer sold as malware-as-a-service since 2016. It grabs submitted web form data and credentials from browsers and mail clients, logs keystrokes and clipboard contents, takes screenshots, and can fetch and run further payloads. It injects itself into a legitimate process and beacons to one real C2 hidden among a list of decoy domains, which is what the extracted configuration above shows.

    • Formbook Payload

    • Deletes itself (the dropped executable removes its own file after execution, a common anti-forensics step)

    • Suspicious use of SetThreadContext (SetThreadContext is used to redirect a thread into injected code, a hallmark of process hollowing and similar injection techniques)
