Overview

overview

10

Static

static

Shipping Doc.exe

windows7_x64

1

Shipping Doc.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Shipping Doc.exe

  • Size

    1.1MB

  • Sample

    210723-m7w9nvkw1a

  • MD5

    10a46b2fa651206e4bffc2d38ca6f060

  • SHA1

    8b4fe95bcf467f42eb6dc6c536bd1391312d1fd2

  • SHA256

    2fa0835f11481e49075e146cf459187bdf8c37df1abdbffc74b075b2f68e7626

  • SHA512

    e3a2742fc85ea70a757952a5a7e08a761c5d6d9526ad6b7b62f961a0c7ae7d723eefc181a9d58091a2c15bf63d54827931607792e5419d423a8361eed9a3c054

Score
10/10
formbookratspywarestealersuricatatrojan

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.shopjempress.com/amb6/

Decoy

segurocars.com

rylautosales.com

xinglinjiankang.com

dantil-brand.com

sofaloffa.club

coinclub2.com

ez-pens.com

gqtlqsw.com

robotnewswire.com

ktproductreviews.com

merchbrander.com

yesonamendmentb.com

losgatoslimos.com

kristincole.art

metalmaids.online

leftcoastmodels.com

athetheist.com

jblbusrtingsale.com

chungcugiarehcm.com

renblockchain.com

Targets

    • Target

      Shipping Doc.exe

    • Size

      1.1MB

    • MD5

      10a46b2fa651206e4bffc2d38ca6f060

    • SHA1

      8b4fe95bcf467f42eb6dc6c536bd1391312d1fd2

    • SHA256

      2fa0835f11481e49075e146cf459187bdf8c37df1abdbffc74b075b2f68e7626

    • SHA512

      e3a2742fc85ea70a757952a5a7e08a761c5d6d9526ad6b7b62f961a0c7ae7d723eefc181a9d58091a2c15bf63d54827931607792e5419d423a8361eed9a3c054

    Score
    10/10
    formbookratspywarestealersuricatatrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata

    • Formbook Payload

      rat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks