General

  • Target

    TT-BankInfo-1-2021.pdf.exe

  • Size

    761KB

  • Sample

    210723-18wlkxtvss

  • MD5

    7b0351ec874b11dd49c53ba8bfc300a0

  • SHA1

    c7b310143c30e86aed7b42025d336d872b199eb5

  • SHA256

    9efbf9cd19545210fd864fe446181134dda3703fd834b3b4ffeca2b55a11f6dd

  • SHA512

    bc1bcb17bd00343ad6acfb26d5047bfc34d22f3f2362f62111ec9e93d9117a84c669ce30c2841b70e82361b4296c778a5ee724591a5512829a3c208111d50bb5

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • C2

    http://www.vcxpkbg.icu/d5y/

  • Decoy

Targets

    • Target

      TT-BankInfo-1-2021.pdf.exe

    • Formbook

      Formbook is an information-stealing malware family that harvests data from infected hosts.

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

    • Formbook Payload

    • Deletes itself

    • Suspicious use of SetThreadContext
