Overview

overview

10

Static

static

Purchase O...27.exe

windows7_x64

10

Purchase O...27.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Purchase Order-070POR044127.r00

  • Size

    594KB

  • Sample

    210509-59ja3v7q2x

  • MD5

    a30be98f50fe10828b04eca5e6febe06

  • SHA1

    e1a94601287faa64dae6f48f991dc4c585fca87a

  • SHA256

    26f2fc802dd60b8c1bd8bc7a94e61bdadb5082605b91871399f772ca6379c661

  • SHA512

    41178c110a6beff03976e40f8ac466ba5fa60b4bed5e56c55236634d3c5518a60a300007a43fefedc64cf95f86ba5c8c96e05195c1deb6a1fe6e2390ea6b7898

Score
10/10
formbookratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.magnumopuspro.com/nyr/

Decoy

anemone-vintage.com

ironcitytools.com

joshandmatthew.com

breathtakingscenery.photos

karabakh-terror.com

micahelgall.com

entretiendesterrasses.com

mhgholdings.com

blewm.com

sidewalknotary.com

ytrs-elec.com

danhpham.com

ma21cle2henz.xyz

lotusforlease.com

shipleyphotoandfilm.com

bulktool.xyz

ouedzmala.com

yichengvpr.com

connectmygames.com

chjcsc.com

Targets

    • Target

      Purchase Order-070POR044127.exe

    • Size

      970KB

    • MD5

      15777f1f1c6b81ea03eb9f14c3a77f68

    • SHA1

      1664e98460e60a7399d393c9df24aa5435f9e251

    • SHA256

      1012fd502b2b0f81c21293efaf6b1f012693dc485690e4b8dda25dfa4c7538d9

    • SHA512

      54e7d77fc74ce5f5331a4e1f373b9bbd4dc8dc4ffc9ec3b62f9a321535d699209956dd13d3907e0609c54410e19deddbacec1f78f02cfa80eb6788c1de99e8c7

    Score
    10/10
    formbookratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook Payload

      rat

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks