Overview

overview

10

Static

static

1b415a5661...4f.exe

windows7_x64

10

1b415a5661...4f.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1b415a56616a9f7c2e37fc2ce570664f

  • Size

    884KB

  • Sample

    210706-dtgb24lpvs

  • MD5

    1b415a56616a9f7c2e37fc2ce570664f

  • SHA1

    2e7a5b8378e9a0e5fd7f5a8321af4d128ef2a1a3

  • SHA256

    14ebcbc69653d3257eb42c91734bcf2a1ca5dff12c31c06cf955279ea4af5bfd

  • SHA512

    e77e25ffeae630cc2413fd969462a7fd019738f2981b4304ab6ba4cc5bb9530db3f1210c5cb90665529f6c25c03f6a63362362a18e6bb801edeccc979a0f711b

Score
10/10
formbookratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.lifeafterbobby.com/vn3b/

Decoy

rowenglobal.com

abrirumaempresa.com

videosbet.xyz

blackbettyxt.com

trust-red.net

sonyalpharunors.com

shiqichaoji.com

allex-ru.com

totalpowerpc.store

ptocom.com

quantumsai.club

toughcookie.love

nivafitness.com

bioskopmovie21.com

giatsaygiare.com

xiongmaojingxuan.com

zjjly88.com

trampmotorsports.com

pibblekibble.com

mymounntnittanyhealth.com

Targets

    • Target

      1b415a56616a9f7c2e37fc2ce570664f

    • Size

      884KB

    • MD5

      1b415a56616a9f7c2e37fc2ce570664f

    • SHA1

      2e7a5b8378e9a0e5fd7f5a8321af4d128ef2a1a3

    • SHA256

      14ebcbc69653d3257eb42c91734bcf2a1ca5dff12c31c06cf955279ea4af5bfd

    • SHA512

      e77e25ffeae630cc2413fd969462a7fd019738f2981b4304ab6ba4cc5bb9530db3f1210c5cb90665529f6c25c03f6a63362362a18e6bb801edeccc979a0f711b

    Score
    10/10
    formbookratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook Payload

      rat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks