General

  • Target

    INv02938727.exe

  • Size

    702KB

  • Sample

    210510-p4e3cxh6we

  • MD5

    a3b74acf9723e53d6caea736faae9708

  • SHA1

    2714e0ec97d81921312f0db6470dc40f55d16b96

  • SHA256

    f8e8f64bb17ffb2fea18b7671602a76a8b5734607c7a7ae035dce8eed8381a74

  • SHA512

    e468c5146e35f8aae5536c7ce6c490b68588af0f71fd5d85d0b1dfe9b1831be55a2d9b8787035fc95e288f41c7ab7c4cf73965d6707bbfbe4685655ffbe4fa6b

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • C2

    http://www.hometowncashbuyersgroup.com/kkt/

  • Decoy

    inspirafutebol.com
    customgiftshouston.com
    mycreativelending.com
    psplaystore.com
    newlivingsolutionshop.com
    dechefamsterdam.com
    servicingl0ans.com
    atsdholdings.com
    manifestarz.com
    sequenceanalytica.com
    gethealthcaresmart.com
    theartofsurprises.com
    pirateequitypatrick.com
    alliance-ce.com
    wingrushusa.com
    funtimespheres.com
    solevux.com
    antimasathya.com
    profitexcavator.com
    lankeboxshop.com

Targets

    • Target

      INv02938727.exe

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook Payload

    • Deletes itself

    • Suspicious use of SetThreadContext
