General

  • Target

    6a0200a4316e595561f8527e3bcf27bc.exe

  • Size

    925KB

  • Sample

    210721-4c19fjwc7e

  • MD5

    6a0200a4316e595561f8527e3bcf27bc

  • SHA1

    4c356c914ccdf83b8c89b6a02a2c4a9391094763

  • SHA256

    f8f02165547227a6692d503cf1203dcaf2d43b58219bb78cb0e42895f49a8121

  • SHA512

    af3decd9eaf59e31462fce7cdf36335814151c6c512aa0248d0877c7addbfeccdb530f01a11de1fc47b6d8f5bd1dc506175d9c0d4fd67376cd06da5e89b90470

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.hometowncashbuyersgroup.com/kkt/

Decoy

inspirafutebol.com

customgiftshouston.com

mycreativelending.com

psplaystore.com

newlivingsolutionshop.com

dechefamsterdam.com

servicingl0ans.com

atsdholdings.com

manifestarz.com

sequenceanalytica.com

gethealthcaresmart.com

theartofsurprises.com

pirateequitypatrick.com

alliance-ce.com

wingrushusa.com

funtimespheres.com

solevux.com

antimasathya.com

profitexcavator.com

lankeboxshop.com
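The extracted config above is directly usable as detection content. The Python below is an added example for this report (not Triage's code and not taken from the sample): it checks a file against the report's digests and classifies proxy-log requests against the C2 URL and the decoy list. The log format and log lines are constructed for the example. The rule that a decoy host requested with the C2 URI path (/kkt/) is a high-confidence hit assumes the sample reuses that path when it beacons to decoys, which is how Formbook decoy traffic is normally observed; a decoy domain on its own is weak evidence, because those domains are picked to look like (and may be) ordinary sites, so it is labelled low confidence rather than treated as C2.

```python
"""IOC matching for the Formbook config in the report above.

Added example; not Triage's code. Hashes, C2 URL and decoy domains are
copied from the report. The proxy-log format and lines are constructed.
"""
import hashlib
from typing import List, Optional, Set, Tuple
from urllib.parse import urlsplit

# Digests of the analysed sample, from the report
SAMPLE_HASHES = {
    "md5": "6a0200a4316e595561f8527e3bcf27bc",
    "sha1": "4c356c914ccdf83b8c89b6a02a2c4a9391094763",
    "sha256": "f8f02165547227a6692d503cf1203dcaf2d43b58219bb78cb0e42895f49a8121",
}

# Extracted config: the real C2 and the decoy domains
C2_URL = "http://www.hometowncashbuyersgroup.com/kkt/"
DECOY_DOMAINS = {
    "inspirafutebol.com", "customgiftshouston.com", "mycreativelending.com",
    "psplaystore.com", "newlivingsolutionshop.com", "dechefamsterdam.com",
    "servicingl0ans.com", "atsdholdings.com", "manifestarz.com",
    "sequenceanalytica.com", "gethealthcaresmart.com", "theartofsurprises.com",
    "pirateequitypatrick.com", "alliance-ce.com", "wingrushusa.com",
    "funtimespheres.com", "solevux.com", "antimasathya.com",
    "profitexcavator.com", "lankeboxshop.com",
}

_c2 = urlsplit(C2_URL)
C2_HOST = _c2.hostname   # www.hometowncashbuyersgroup.com
C2_PATH = _c2.path       # /kkt/


def _bare(host: str) -> str:
    """Normalise a hostname: lower-case, drop trailing dot and a leading 'www.'."""
    host = host.lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def matching_hashes(data: bytes) -> Set[str]:
    """Names of the report digests that match the given file bytes (empty if none)."""
    return {name for name, hexdigest in SAMPLE_HASHES.items()
            if hashlib.new(name, data).hexdigest() == hexdigest}


def lookup_digest(hexdigest: str) -> Optional[str]:
    """Return which algorithm's report value equals hexdigest, for feed matching."""
    hexdigest = hexdigest.strip().lower()
    for name, value in SAMPLE_HASHES.items():
        if value == hexdigest:
            return name
    return None


def classify_request(url: str) -> Optional[str]:
    """Classify one requested URL against the extracted config.

    'c2'          host is the real C2 (any path)
    'decoy+path'  decoy host requested with the C2 path: assumed Formbook decoy beacon
    'decoy'       decoy host alone; may be a legitimate site, low confidence
    None          no match
    """
    parts = urlsplit(url)
    if not parts.hostname:
        return None
    host = _bare(parts.hostname)
    if host == _bare(C2_HOST):
        return "c2"
    if host in DECOY_DOMAINS:
        return "decoy+path" if parts.path.startswith(C2_PATH) else "decoy"
    return None


def scan_proxy_log(lines) -> List[Tuple[str, str, str]]:
    """Return (client_ip, url, verdict) for each matching request.

    Constructed log format: '<timestamp> <client_ip> <method> <url> <status>'.
    Malformed lines are skipped rather than aborting the scan.
    """
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 5:
            continue
        client_ip, url = fields[1], fields[3]
        verdict = classify_request(url)
        if verdict:
            hits.append((client_ip, url, verdict))
    return hits


# Constructed proxy log for the example; not traffic captured from this sample.
SAMPLE_LOG = [
    "2021-07-21T16:05:12Z 10.0.0.15 GET http://www.hometowncashbuyersgroup.com/kkt/ 200",
    "2021-07-21T16:05:13Z 10.0.0.15 POST http://www.psplaystore.com/kkt/ 404",
    "2021-07-21T16:05:40Z 10.0.0.22 GET http://solevux.com/ 200",
    "2021-07-21T16:06:01Z 10.0.0.22 GET https://example.com/login 200",
    "malformed line",
]

if __name__ == "__main__":
    for client_ip, url, verdict in scan_proxy_log(SAMPLE_LOG):
        print(f"{verdict:10s} {client_ip:12s} {url}")
```

Run it as a script to see the constructed hits; pass real file bytes to `matching_hashes` (all three of MD5, SHA1 and SHA256 agreeing is the strong confirmation) and real proxy lines, after adapting the field positions, to `scan_proxy_log`. Only the `c2` and `decoy+path` verdicts justify a block; `decoy` alone should feed a hunt, not an outage.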

Targets

    • Target

      6a0200a4316e595561f8527e3bcf27bc.exe

    • Size

      925KB

    • MD5

      6a0200a4316e595561f8527e3bcf27bc

    • SHA1

      4c356c914ccdf83b8c89b6a02a2c4a9391094763

    • SHA256

      f8f02165547227a6692d503cf1203dcaf2d43b58219bb78cb0e42895f49a8121

    • SHA512

      af3decd9eaf59e31462fce7cdf36335814151c6c512aa0248d0877c7addbfeccdb530f01a11de1fc47b6d8f5bd1dc506175d9c0d4fd67376cd06da5e89b90470

    • Formbook

      Formbook is an information-stealing malware family that harvests credentials and submitted form data from browsers and other applications, logs keystrokes and clipboard contents, and exfiltrates them to its C2 over HTTP while also contacting decoy domains to mask the real server.

    • Formbook Payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks