General

  • Target

    Order 202139769574,.exe

  • Size

    845KB

  • Sample

    210510-zr5xwwqptj

  • MD5

    d72f1abe7c521c844071a8265b92545b

  • SHA1

    0c59a02103a9a7fb663a37809563a48a8adb097e

  • SHA256

    83fed765d229173fedc6811b521cebdfcec3342713679a57d49188ba554c00fb

  • SHA512

    c1cc91e626d3600a5e7c03c61e051f29dc1f3a3dc10550b0587e2540e7c8ca2ff4cdea5b5fed79dc0c167d9ae2182178d5ea97ec424dd21486f56b28859382e8

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • C2

    http://www.magnumopuspro.com/nyr/

  • Decoy


Targets

    • Formbook

      Formbook is an information-stealing malware family that harvests credentials and other data from infected hosts.

    • Formbook Payload

    • Suspicious use of SetThreadContext
