General

  • Target

    3ecdafd3c19efbfc4f06d5d2aefd02b8

  • Size

    888KB

  • Sample

    210706-51yz5vkz4a

  • MD5

    3ecdafd3c19efbfc4f06d5d2aefd02b8

  • SHA1

    808ab748f5fee7b4f5b802a89b1e3ac44e47fdd1

  • SHA256

    f198ab80b865300fc6721e506292ddbe21d18004daec3f567c53fd9e2d86dc7f

  • SHA512

    99098adfaa9358d10ccd47b63631b0369fb8bdd4a95714c2611d2668e9aba20c3671bb42af59ec773470e1297f13d28ccf09d8280a3b2e1cdb9dbce920526523

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • C2

    http://www.hai96.com/lvno/

  • Decoy

Targets

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook Payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks