General

  • Target

    Purchase Order-10764.exe

  • Size

    778KB

  • Sample

    210510-1wajew8tkn

  • MD5

    e215c8ce14ee4aaef36fff8d642d65f2

  • SHA1

    51ac31f69e5b45e738ed6d38539c228693ac4ce7

  • SHA256

    9e393967e94c1f667955493b1b23f0b74c732a46c4eaa04d6e13a51c33a17ab9

  • SHA512

    12eb4ab62431fe882651d178ef8288f9f934a30af602177eebd54f2f94f2d3cfacf03488fc7ac9975f7c65e58ee9f502c347f84b9372e05ce68c71d91c0f4090

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.magnumopuspro.com/nyr/

Decoy


Targets

    • Target

      Purchase Order-10764.exe

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook Payload

    • Suspicious use of SetThreadContext
