General

  • Target

    PO#6275473, Shipping.exe

  • Size

    665KB

  • Sample

    210510-tlmr6vexna

  • MD5

    cb78b28dea109d0e11a05934e02cf9d8

  • SHA1

    caab11bc17589dc8d20805070d1e343d60192751

  • SHA256

    5f05f0816898db3798aaa6722cfbd0f625a0eac271b72d0b8c295fa056dff733

  • SHA512

    8b53f9c263efd1c2ef9011de1112deac3d15d7d31cdf4061f2cca19a4a713bca873d6f0ee0778d3a7eafbbe62a23e891dea8668164f2e9d20645f0aed3a8abaa

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.magnumopuspro.com/nyr/

Decoy


Targets

    • Target

      PO#6275473, Shipping.exe


    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook Payload

    • Deletes itself

    • Suspicious use of SetThreadContext
