Overview

overview

10

Static

static

Purchase O...df.exe

windows7_x64

3

Purchase O...df.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Purchase Order.Pdf.exe

  • Size

    984KB

  • Sample

    210723-4fc41prk5s

  • MD5

    6677a05c9b05d917b8654308183f9c5b

  • SHA1

    6c7189656dfcdfb04298ae60b80a350d17100f5a

  • SHA256

    b5c47964271578c767ebb7c3bfee10cda45464043d6e2879408f138da8031cf4

  • SHA512

    2f8586af3a89fd200a4fc616f7db898c5199afd7d224144628ea9c80d1e22567507eefffa4eea5da20598c3d926a02d595fee69439623d252d35d9ddceef42dd

Score
10/10
formbookratspywarestealersuricatatrojan

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.papablogzzi.com/obow/

Decoy

hinetin.net

narrativebusters.com

jesusmusicatl.com

mywellnessbooking.com

830272.com

mainrein.com

kajeoneworld.com

directaccesss.com

igsecretos.com

campbone.com

socialvidiots.com

abditrade.com

purisopropyl.com

opticalapparatus.com

staveoffboredom.com

evinja.com

onlinebusinesstoolselector.com

todayonly2.info

elitedesign-dz.com

zgszgw.com

Targets

    • Target

      Purchase Order.Pdf.exe

    • Size

      984KB

    • MD5

      6677a05c9b05d917b8654308183f9c5b

    • SHA1

      6c7189656dfcdfb04298ae60b80a350d17100f5a

    • SHA256

      b5c47964271578c767ebb7c3bfee10cda45464043d6e2879408f138da8031cf4

    • SHA512

      2f8586af3a89fd200a4fc616f7db898c5199afd7d224144628ea9c80d1e22567507eefffa4eea5da20598c3d926a02d595fee69439623d252d35d9ddceef42dd

    Score
    10/10
    formbookratspywarestealersuricatatrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata

    • Formbook Payload

      rat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks