General

  • Target

    PO91206762.exe

  • Size

    194KB

  • Sample

    210726-nar5mm8hee

  • MD5

    54c6e68d889239ef978e4221f8add60f

  • SHA1

    500f8852aa4cf26eb57d544fa3017bbab75aafce

  • SHA256

    71cb97b67ebcc50a0bef217b3ca9591cfa49f6b8c8d11ee9952c2cde0b7b6a51

  • SHA512

    09d0bc694eababc0de157884383fff81c07b5c576bfcbfdf763b41b8a96a845b4fc29b04ccd0b82e70de085696f86afd79b94f2be210b545e0a91d0ffd793a7e

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.yjhlgg.com/grve/

Decoy

jrvinganimalexterminator.com

smallsyalls.com

po1c3.com

mencg.com

aussieenjoyment.today

espace22.com

aanmelding-desk.info

gallopshoes.com

nftsexy.com

ricosdulcesmexicanos.com

riseswift.com

thechicthirty.com

matdcg.com

alternet.today

creativehuesdesigns.com

rjkcrafts.com

lowdosemortgage.com

adoptahamster.com

wellness-sense.com

jacardcapital.com
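The config above is the usual Formbook layout: a single real C2 URL (host plus a short URI path, here /grve/) and a list of decoy domains. Formbook sends its check-in traffic to the decoys as well as to the real C2, so a request to a decoy domain on the C2 path still indicates an infected host, while the decoy domains themselves are ordinary sites and should not be blocked wholesale. The script below is an added example, not part of this report or of any sandbox tooling: it takes the C2, decoy list and file hashes copied from this page, classifies requests in a few constructed proxy log lines (the log format and IP addresses are made up for the example), and offers a helper that checks a local file against the reported digests.

```python
"""Triage an extracted Formbook config against proxy logs (added example)."""
import hashlib
import re
from urllib.parse import urlsplit

# Values copied from this report's Malware Config and hash sections.
C2 = "http://www.yjhlgg.com/grve/"
DECOYS = {
    "jrvinganimalexterminator.com", "smallsyalls.com", "po1c3.com", "mencg.com",
    "aussieenjoyment.today", "espace22.com", "aanmelding-desk.info",
    "gallopshoes.com", "nftsexy.com", "ricosdulcesmexicanos.com", "riseswift.com",
    "thechicthirty.com", "matdcg.com", "alternet.today", "creativehuesdesigns.com",
    "rjkcrafts.com", "lowdosemortgage.com", "adoptahamster.com",
    "wellness-sense.com", "jacardcapital.com",
}
SAMPLE_HASHES = {
    "md5": "54c6e68d889239ef978e4221f8add60f",
    "sha1": "500f8852aa4cf26eb57d544fa3017bbab75aafce",
    "sha256": "71cb97b67ebcc50a0bef217b3ca9591cfa49f6b8c8d11ee9952c2cde0b7b6a51",
    "sha512": "09d0bc694eababc0de157884383fff81c07b5c576bfcbfdf763b41b8a96a845b"
              "4fc29b04ccd0b82e70de085696f86afd79b94f2be210b545e0a91d0ffd793a7e",
}

# Constructed proxy log lines (not from the report): "<epoch> <src-ip> <method> <url>".
LOG_LINES = """\
1627290001 10.0.0.5 GET http://www.yjhlgg.com/grve/?7yl4=abcd
1627290002 10.0.0.5 GET http://www.gallopshoes.com/grve/?7yl4=abcd
1627290003 10.0.0.7 GET http://www.gallopshoes.com/shop/boots
1627290004 10.0.0.5 POST http://www.yjhlgg.com/grve/
1627290005 10.0.0.9 GET http://www.example.com/grve/
"""


def _bare_host(host: str) -> str:
    """Lower-case and drop a leading 'www.' so log hosts match the config's bare domains."""
    host = host.lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


C2_HOST = _bare_host(urlsplit(C2).hostname)
C2_PATH = urlsplit(C2).path  # "/grve/"


def classify(url: str) -> str:
    """Label a requested URL as 'c2', 'decoy-beacon' or 'benign'.

    Only the configured C2 path counts: a decoy domain serving its normal
    content is benign, and an unrelated host using the same path is benign too.
    """
    parts = urlsplit(url)
    if not parts.hostname:
        return "benign"
    host = _bare_host(parts.hostname)
    on_c2_path = parts.path.startswith(C2_PATH)
    if host == C2_HOST and on_c2_path:
        return "c2"
    if host in DECOYS and on_c2_path:
        return "decoy-beacon"
    return "benign"


LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)$")


def scan(log_text: str) -> list[dict]:
    """Return every non-benign request as a dict with ts, src, method, url and label."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the constructed format
        label = classify(m["url"])
        if label != "benign":
            hits.append({**m.groupdict(), "label": label})
    return hits


def infected_sources(log_text: str) -> set[str]:
    """Source IPs that talked to the C2 or beaconed to a decoy on the C2 path."""
    return {h["src"] for h in scan(log_text)}


def verify_hashes(data: bytes) -> dict[str, bool]:
    """Compare a file's digests against the values reported for PO91206762.exe."""
    return {
        name: hashlib.new(name, data).hexdigest() == expected
        for name, expected in SAMPLE_HASHES.items()
    }


if __name__ == "__main__":
    for hit in scan(LOG_LINES):
        print(f"{hit['ts']} {hit['src']} {hit['method']} {hit['url']} -> {hit['label']}")
    print("infected:", sorted(infected_sources(LOG_LINES)))
```

Matching on host plus the configured URI path, rather than on either alone, is what keeps the decoy domains usable as indicators without turning them into block-list entries; the same host/path pair is what the ET "FormBook CnC Checkin (GET)" Suricata signature keys on at the network layer.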

Targets

    • Target

      PO91206762.exe

    • Size

      194KB

    • MD5

      54c6e68d889239ef978e4221f8add60f

    • SHA1

      500f8852aa4cf26eb57d544fa3017bbab75aafce

    • SHA256

      71cb97b67ebcc50a0bef217b3ca9591cfa49f6b8c8d11ee9952c2cde0b7b6a51

    • SHA512

      09d0bc694eababc0de157884383fff81c07b5c576bfcbfdf763b41b8a96a845b4fc29b04ccd0b82e70de085696f86afd79b94f2be210b545e0a91d0ffd793a7e

    • Formbook

      Formbook is an information stealer: it harvests credentials and form data from browsers and other applications, logs keystrokes and takes screenshots, and sends the results to its C2.

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

    • Formbook Payload

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks