General

  • Target

    Purchase Order.exe

  • Size

    916KB

  • Sample

    210722-ln67kvfrvx

  • MD5

    c13f1850e9d955f826620bd1ae322368

  • SHA1

    1329de0499fabc6fcffd4fa02864968acaac253e

  • SHA256

    419d8b92dc042882bb3261de70dfe4a158bc9ca436c71f9bf330bb8a6917d04c

  • SHA512

    8d11bbe6afadbd108f227bb3397334f27eb69859b19e82ae436ea91a9f9b6b786c83a55a2fe0f71b15875ec51df8b19f367941420e5972eb2a06e6163aed2657

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.valiantfinancial.net/hth0/

Decoy

grahamandjana.com

surfpodcastnetwork.com

valkyrie20.com

hire4looks.com

wewalkfastasone.com

saveourschoolyear.com

5g23e.com

abusinesssystems.com

telefonepantalla.com

tailorscafe.com

schwarzer-markt.net

stopwatch247.com

458grandbetting.com

xpovision.com

kutkingbarbering.life

kppp-guxxz.xyz

chuckwagon-chow.com

la-casa-delle-vita.com

creativesocials.com

negociacoeshojebr.com
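The extracted config above is exactly what a responder needs to hunt with: one real C2 URL and a list of decoy domains. Formbook beacons to hosts picked from its decoy list using the same URI path as the real C2 (here `/hth0/`), so a hit on a decoy domain is low-value for attribution but still evidence of an infection, and the path alone is worth hunting for across any host. The block below is an added example, not part of the sandbox report: it parses the config layout shown on this page (only the first three decoys are copied in to keep it short) and classifies URLs from a few constructed proxy log lines. The log lines, the `scan_log` field layout (timestamp, client, method, URL, status) and the verdict labels are assumptions for illustration.

```python
"""Turn the extracted Formbook config into an IOC matcher for proxy logs.

Added example, not the sandbox's code. C2 and decoy values are copied
from the report; the log lines below are constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple
from urllib.parse import urlsplit

# Copied from the report's 'Malware Config' section (first three decoys only).
CONFIG_TEXT = """\
Family
formbook
Version
4.1
C2
http://www.valiantfinancial.net/hth0/
Decoy
grahamandjana.com
surfpodcastnetwork.com
valkyrie20.com
"""

# Constructed sample proxy log: timestamp, client, method, URL, status.
SAMPLE_LOG = [
    "2021-07-22T10:01:02Z 10.0.0.5 GET http://www.valiantfinancial.net/hth0/?abc=ZGVmZ2hp 200",
    "2021-07-22T10:01:05Z 10.0.0.5 POST http://www.valkyrie20.com/hth0/ 404",
    "2021-07-22T10:01:09Z 10.0.0.7 GET http://www.example.org/index.html 200",
    "2021-07-22T10:02:11Z 10.0.0.9 GET http://cdn.example.net/hth0/ 200",
]


@dataclass
class FormbookConfig:
    family: str = ""
    version: str = ""
    c2: List[str] = field(default_factory=list)
    decoy: List[str] = field(default_factory=list)


def parse_config(text: str) -> FormbookConfig:
    """Parse the flat 'key line / value lines' layout used in the report.

    A line that equals a known key opens a section; every following
    non-empty line belongs to that section until the next key.
    """
    cfg = FormbookConfig()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in ("Family", "Version", "C2", "Decoy"):
            section = line
            continue
        if section == "Family":
            cfg.family = line
        elif section == "Version":
            cfg.version = line
        elif section == "C2":
            cfg.c2.append(line)
        elif section == "Decoy":
            cfg.decoy.append(line)
    return cfg


def _host(netloc: str) -> str:
    """Lower-case host without port, with a leading 'www.' stripped."""
    h = netloc.lower().split(":")[0]
    return h[4:] if h.startswith("www.") else h


def classify(cfg: FormbookConfig, url: str) -> Optional[str]:
    """Verdict for one URL: 'c2', 'decoy', 'c2-path', 'decoy-host' or None.

    'c2'        real C2 host and C2 path prefix
    'decoy'     a listed decoy host contacted with the C2 path
    'c2-path'   the C2 path on a host not in the config (possible new decoy)
    'decoy-host' a decoy host without the path (weak; decoys are real sites)
    """
    parts = urlsplit(url)
    host = _host(parts.netloc)
    decoys = {_host(d) for d in cfg.decoy}
    path_hit = False
    for c2 in cfg.c2:
        c2p = urlsplit(c2)
        if parts.path.startswith(c2p.path):
            path_hit = True
            if host == _host(c2p.netloc):
                return "c2"
    if host in decoys:
        return "decoy" if path_hit else "decoy-host"
    return "c2-path" if path_hit else None


def scan_log(cfg: FormbookConfig, lines: List[str]) -> List[Tuple[int, str]]:
    """Return (1-based line number, verdict) for every matching log line."""
    hits = []
    for n, line in enumerate(lines, 1):
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed line; skip rather than crash
        verdict = classify(cfg, fields[3])
        if verdict:
            hits.append((n, verdict))
    return hits


if __name__ == "__main__":
    config = parse_config(CONFIG_TEXT)
    for n, verdict in scan_log(config, SAMPLE_LOG):
        print(f"line {n}: {verdict}: {SAMPLE_LOG[n - 1]}")
```

Run against real proxy or DNS data, drop the `www.` normalisation only if your logs already do it, and treat `c2-path` hits as candidates for decoys not present in this sample's config rather than as confirmed C2.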

Targets

    • Target

      Purchase Order.exe

    • Size

      916KB

    • MD5

      c13f1850e9d955f826620bd1ae322368

    • SHA1

      1329de0499fabc6fcffd4fa02864968acaac253e

    • SHA256

      419d8b92dc042882bb3261de70dfe4a158bc9ca436c71f9bf330bb8a6917d04c

    • SHA512

      8d11bbe6afadbd108f227bb3397334f27eb69859b19e82ae436ea91a9f9b6b786c83a55a2fe0f71b15875ec51df8b19f367941420e5972eb2a06e6163aed2657

    • Formbook

      Formbook is an information stealer: it harvests saved credentials and form data from browsers and other applications, logs keystrokes, captures screenshots, and can download and run additional payloads on the operator's command.

    • Formbook Payload

      The sample is a dropper; the Formbook payload is injected into another process at runtime rather than being run directly from Purchase Order.exe.

    • Deletes itself

      The dropper removes its own executable once the payload is running, so the file on disk may be gone by the time a host is examined.

    • Suspicious use of SetThreadContext

      SetThreadContext is the API used in process hollowing: a process is started suspended, its image is replaced with the payload, the main thread's context is repointed at the new entry point, and the thread is resumed. Seeing it called from a user-land dropper is a strong injection indicator.
