General

  • Target

    (G0170-PF3F-21-0510).exe

  • Size

    747KB

  • Sample

    210510-3j2ftbqwf6

  • MD5

    d557c38c880b3c4e2ba7bd8a17674e30

  • SHA1

    cae80d12d5deff61dae302e3d83cae8f0472211f

  • SHA256

    b66fc87dff2d8feb58c2d19e67ca54a0dc0139d0fc9de0ff4bd3e0c2b1fac519

  • SHA512

    6e5e03584d6c76232e9d72d960e7a1c070c502c4eac42a52303524ed5085031eea483d2759fc2692467549a2a77c7711e4334a9b1f62ed6177331c145502ec4d

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.panda810.com/sve/

Decoy

rockouqe.com

secureproductsolutions.net

josephserino.com

operationstrategy.com

umrohalfatih.com

humanityenlightened.com

taylorxgroup.com

francescopetroni.net

anaume-kun.com

galleryalireza.com

alimamavn.com

tym0769.com

trendselection.club

warmupspod.com

v-work.xyz

aclmspecialmeeting2020.com

youporn-live.net

germinatebio.net

hempnseeds.com

ezfto.com
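Formbook's extracted configuration always carries one real C2 URL plus a list of decoy domains that the implant also contacts to hide the real server among benign traffic; most decoys are legitimate sites, so only the C2 entry should become a blocking indicator. The following Python turns a config block like the one above into IOCs, emits a Suricata rule for the C2 beacon, and checks a file against the report's hashes. It is an added example, not part of the sandbox report or of any tool; the config text is constructed from the report, and the rule SID is an arbitrary assumption.

```python
"""Turn a Formbook sandbox config into IOCs and verify a file against reported hashes."""
from __future__ import annotations

import hashlib
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Constructed input: the first entries of the "Extracted" config block in the report.
REPORT_CONFIG = """\
Family
formbook
Version
4.1
C2
http://www.panda810.com/sve/
Decoy
rockouqe.com
secureproductsolutions.net
josephserino.com
"""

# Hashes copied from the report's General section.
REPORT_HASHES = {
    "md5": "d557c38c880b3c4e2ba7bd8a17674e30",
    "sha1": "cae80d12d5deff61dae302e3d83cae8f0472211f",
    "sha256": "b66fc87dff2d8feb58c2d19e67ca54a0dc0139d0fc9de0ff4bd3e0c2b1fac519",
}

SECTIONS = ("Family", "Version", "C2", "Decoy")


@dataclass
class FormbookConfig:
    family: str = ""
    version: str = ""
    c2: list[str] = field(default_factory=list)
    decoys: list[str] = field(default_factory=list)


def parse_config(text: str) -> FormbookConfig:
    """Parse the label-then-value layout used by the report into a config object."""
    cfg = FormbookConfig()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in SECTIONS:        # a label line switches the current section
            section = line
            continue
        if section == "Family":
            cfg.family = line.lower()
        elif section == "Version":
            cfg.version = line
        elif section == "C2":
            cfg.c2.append(line)
        elif section == "Decoy":
            cfg.decoys.append(line)
    return cfg


def c2_host_and_path(url: str) -> tuple[str, str]:
    """Split the C2 URL into the HTTP Host and URI prefix the beacon will use."""
    parsed = urlparse(url)
    return parsed.hostname or "", parsed.path or "/"


def suricata_rule(url: str, sid: int = 9000001) -> str:
    """Suricata 5+ rule (sticky buffers) for HTTP requests to the C2 host and path.
    The SID is an assumed placeholder; pick one from your own range."""
    host, path = c2_host_and_path(url)
    return (
        'alert http $HOME_NET any -> $EXTERNAL_NET any '
        f'(msg:"Formbook C2 beacon to {host}"; flow:established,to_server; '
        f'http.host; content:"{host}"; http.uri; content:"{path}"; startswith; '
        f'classtype:trojan-activity; sid:{sid}; rev:1;)'
    )


def hash_bytes(data: bytes) -> dict[str, str]:
    """Compute every digest type the report lists, in one pass over the data."""
    digests = {name: hashlib.new(name) for name in REPORT_HASHES}
    for d in digests.values():
        d.update(data)
    return {name: d.hexdigest() for name, d in digests.items()}


def hash_file(path: str) -> dict[str, str]:
    """Same as hash_bytes but streams a file in 1 MiB chunks."""
    digests = {name: hashlib.new(name) for name in REPORT_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for d in digests.values():
                d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def matches_report(digests: dict[str, str], expected: dict[str, str] = REPORT_HASHES) -> bool:
    """True only if every digest the report lists agrees (avoid trusting MD5 alone)."""
    return all(digests.get(name) == value for name, value in expected.items())


if __name__ == "__main__":
    cfg = parse_config(REPORT_CONFIG)
    print(f"{cfg.family} {cfg.version}: block {cfg.c2}, watch-only decoys {len(cfg.decoys)}")
    for url in cfg.c2:
        print(suricata_rule(url))
```

Only the C2 host goes into the block list; the decoys are worth logging for hunting but will page you on legitimate sites if treated as malicious.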

Targets

    • Target

      (G0170-PF3F-21-0510).exe

    • Size

      747KB

    • MD5

      d557c38c880b3c4e2ba7bd8a17674e30

    • SHA1

      cae80d12d5deff61dae302e3d83cae8f0472211f

    • SHA256

      b66fc87dff2d8feb58c2d19e67ca54a0dc0139d0fc9de0ff4bd3e0c2b1fac519

    • SHA512

      6e5e03584d6c76232e9d72d960e7a1c070c502c4eac42a52303524ed5085031eea483d2759fc2692467549a2a77c7711e4334a9b1f62ed6177331c145502ec4d

    • Formbook

      Formbook is an information stealer sold as malware-as-a-service. It hooks browsers, mail clients and other applications to capture keystrokes, clipboard contents, submitted form data and stored credentials, can take screenshots, and can download and run additional payloads on command from its C2.

    • Formbook Payload

    • Suspicious use of SetThreadContext

      Overwriting a thread's context in another process is the hallmark of process hollowing: the loader starts a legitimate process suspended, replaces its image with the payload, points the thread's instruction pointer at the new entry, and resumes it. Expect the Formbook payload to run under a process name other than the dropped executable.
