Overview

overview

10

Static

static

Purchase O...16.exe

windows7_x64

10

Purchase O...16.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Purchase Order #330716.exe

  • Size

    612KB

  • Sample

    210510-s4cvy5fsxn

  • MD5

    78326c1e8316445d594246175e301916

  • SHA1

    dabe277f1f69b0dd34fd153eafdac13c3c8b9984

  • SHA256

    4a41c471d9315c849aa3585f39d511ba8c359e45df6d7fb0932ab52662e5a6e7

  • SHA512

    4cda4666697688244dfd565f9fdd852349f8db686d69b21dc9a29eb83efc37bfdbcff6b4d8f82e14eaa37c4b9abad5c8a39788354797003c450bb3dac7760cab

Score
10/10
formbookratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.itoatoapparel.com/hfg/

Decoy

0nqcaw.com

seamtube.com

chinachongren.com

shop-deinen-deal.com

socialmediabutler.net

careerenabler.net

trumpmasksshop.com

theopulencegroups.com

meshfacilities.com

sedaifu.com

ahesitanttraveler.com

xn--nbkvf9b5bzfx438ch6sa.com

iqrafootwearbd.com

akurasushinewyorkny.com

paginasny.com

www7shire.com

frenchyoutlet.com

lw14.com

nmdetransports.net

advjuniorconsultoria.com

Targets

    • Target

      Purchase Order #330716.exe

    • Size

      612KB

    • MD5

      78326c1e8316445d594246175e301916

    • SHA1

      dabe277f1f69b0dd34fd153eafdac13c3c8b9984

    • SHA256

      4a41c471d9315c849aa3585f39d511ba8c359e45df6d7fb0932ab52662e5a6e7

    • SHA512

      4cda4666697688244dfd565f9fdd852349f8db686d69b21dc9a29eb83efc37bfdbcff6b4d8f82e14eaa37c4b9abad5c8a39788354797003c450bb3dac7760cab

    Score
    10/10
    formbookratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook Payload

      rat

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks