General

  • Target

    #6495PI-29458-2020.exe

  • Size

    919KB

  • Sample

    210722-8p11mtl6c2

  • MD5

    020c3201638570f2858099e3e522a9a0

  • SHA1

    c3977925522b50fc59c2d2e1e014e24052d36fce

  • SHA256

    24e635e80cecd03066225b27fdb524c4542586b22dc820e05f8a02072008c674

  • SHA512

    11455186a0f8d4ad74de60cb4fa2acf399c8c39887ef979fa5b3d2568b530bc5d8c91c70dd3a7621df9e37ba3b1360fe38201146ed39dc185b03656a2ff8e173

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.nouolive.com/wt5i/

Decoy


Targets

    • Target

      #6495PI-29458-2020.exe


    • Formbook

      Formbook is a data-stealing malware family (an information stealer).

    • Formbook Payload

    • Deletes itself

    • Suspicious use of SetThreadContext
