General

  • Target

    5482008822317056.zip

  • Size

    437KB

  • Sample

    210727-7le8w47b2x

  • MD5

    c16088e96bc6b19d4003223a10caa46f

  • SHA1

    1125c5b22a6f7b64b238b417bd417d7fd69812b9

  • SHA256

    56956d4a429d87ca1a8ad157be0d50add41f68c3ec5571c88bdd6a8e5bc29273

  • SHA512

    d34b20f923629fbc0151a9b2028793c85190b8650cfd782df8838ea9292439001abe6433d0b79ae5abab4f007d05f65976d3d761803cc75f9782221b8bbe6938

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • C2

    http://www.sunderstudios.com/blo/

  • Decoy


Targets

    • Target

      79b58cbefa964dfc78a5fbf12179eeb101912ddce145a68c9142cfbf9cbb120b

    • Size

      716KB

    • MD5

      80a7d8ecbc520bdbb9e92fc0883fc3bf

    • SHA1

      77130d8315019413a3c3f68ca7ebe3b522a41a74

    • SHA256

      79b58cbefa964dfc78a5fbf12179eeb101912ddce145a68c9142cfbf9cbb120b

    • SHA512

      1648734c85804a8d6d3af028eb857621e0e8bd130890f28f6e58e36c402226eb76c073c4d8a4c14d5c5103e661965993374e6e7fd599fe8224b149b8023e374e

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook Payload

    • Suspicious use of SetThreadContext
