Overview

overview

10

Static

static

Documents pdf.exe

windows7_x64

10

Documents pdf.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Documents pdf.exe

  • Size

    533KB

  • Sample

    210723-gxh3dp1fzs

  • MD5

    027d8e07155bc564f7b522183018efe6

  • SHA1

    10348a89cc88e0911f507a2d4aa50071718b096c

  • SHA256

    90e7c97ea4917a6efb5c0a69bd6f481b1a5023d6f8ad0f22d123c417edff8a68

  • SHA512

    5d1c8f6f0121df79767de6de22e7f513972aceeafd7376086511c8575187e224190a408340ec57835e9c0e0a347d47d7e4fd70c8618f91cf638c23b3acc5c3d3

Score
10/10
formbookratspywarestealersuricatatrojan

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.valiantfinancial.net/hth0/

Decoy

grahamandjana.com

surfpodcastnetwork.com

valkyrie20.com

hire4looks.com

wewalkfastasone.com

saveourschoolyear.com

5g23e.com

abusinesssystems.com

telefonepantalla.com

tailorscafe.com

schwarzer-markt.net

stopwatch247.com

458grandbetting.com

xpovision.com

kutkingbarbering.life

kppp-guxxz.xyz

chuckwagon-chow.com

la-casa-delle-vita.com

creativesocials.com

negociacoeshojebr.com

Targets

    • Target

      Documents pdf.exe

    • Size

      533KB

    • MD5

      027d8e07155bc564f7b522183018efe6

    • SHA1

      10348a89cc88e0911f507a2d4aa50071718b096c

    • SHA256

      90e7c97ea4917a6efb5c0a69bd6f481b1a5023d6f8ad0f22d123c417edff8a68

    • SHA512

      5d1c8f6f0121df79767de6de22e7f513972aceeafd7376086511c8575187e224190a408340ec57835e9c0e0a347d47d7e4fd70c8618f91cf638c23b3acc5c3d3

    Score
    10/10
    formbookratspywarestealersuricatatrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata

    • Formbook Payload

      rat

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks