Overview

overview

10

Static

static

2bINu9BOqKtJHoo.exe

windows7_x64

1

2bINu9BOqKtJHoo.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2bINu9BOqKtJHoo.exe

  • Size

    1.1MB

  • Sample

    210721-azxrjttpvs

  • MD5

    b8b1a1e689be765aad3fe0f8d97199af

  • SHA1

    96b923aaa5b0d3e9974b4080298bb8a7bcfcf725

  • SHA256

    f0e734543c047d2ca1a76a4e47553e85d50c57ff9d3dfbd0e55806ff890fef38

  • SHA512

    1f64bbf0bed9cc5cd04da93a9da7346774a493f73171b87f1331da5d00dc970d054ccc73935e57341512bd7d8827c3c88319f4458c30f0d09a6b25c91f356f7c

Score
10/10
formbookratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.bulverderoofing.com/lt0h/

Decoy

originalindigofurniture.co.uk

fl6588.com

acecademy.com

yaerofinerindalnalising.com

mendilovic.online

rishenght.com

famlees.com

myhomeofficemarket.com

bouquetarabia.com

chrisbani.com

freebandslegally.com

hernandezinsurancegroup.net

slicedandfresh.com

apnathikanas.com

chadhatesyou.com

ansilsas.com

in3development.com

nitiren.net

peespn.com

valengz.com

Targets

    • Target

      2bINu9BOqKtJHoo.exe

    • Size

      1.1MB

    • MD5

      b8b1a1e689be765aad3fe0f8d97199af

    • SHA1

      96b923aaa5b0d3e9974b4080298bb8a7bcfcf725

    • SHA256

      f0e734543c047d2ca1a76a4e47553e85d50c57ff9d3dfbd0e55806ff890fef38

    • SHA512

      1f64bbf0bed9cc5cd04da93a9da7346774a493f73171b87f1331da5d00dc970d054ccc73935e57341512bd7d8827c3c88319f4458c30f0d09a6b25c91f356f7c

    Score
    10/10
    formbookratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook Payload

      rat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks