General

  • Target

    [RFQ] New Project Items 7519 Quotation.exe

  • Size

    631KB

  • Sample

    210510-7m6fmntnva

  • MD5

    d4e1ec4ec4ca6e4807739df8d64f4943

  • SHA1

    de5e4589ed7c9b727ae72abdcd80f8c3afa5e051

  • SHA256

    6f30586ae0f10f48d85d4c59c351756df1754de806b4aa52078bde8d792437ea

  • SHA512

    7d4c3f09108f5519c4c4d054ff0ea31f9cf3dedeffbad698ead6dd5afb94191527d329e4645f02f1d96a4a6910974c0d09468b290eeb111780bc5d93cf3d7bad

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • C2

    http://www.royalelectricvehicle.com/m8uk/

  • Decoy

    blackcountryteshirts.com
    pioneergeoscience.com
    calacciwedding.com
    theelegantdoorbow.com
    graciosera.com
    kwikversity.com
    izita.xyz
    drivewiththebest.co.uk
    kakback.xyz
    sachascott.net
    lifeenterprisesystems.com
    interimgirl.com
    myviralplatform.com
    spainmatrimony.com
    supergenx.com
    leglehla.icu
    otlhswdok.icu
    1stfdsqnre.com
    xxxcentral.net
    movimentare.com

Targets

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook Payload

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6