General

  • Target

    5db1b401d54eb87dfe5260ba2f3a4077b692aac3

  • Size

    612KB

  • Sample

    210727-zjt8aex5de

  • MD5

    bdc8aab5dc8803a80050a28c39171069

  • SHA1

    5db1b401d54eb87dfe5260ba2f3a4077b692aac3

  • SHA256

    6444b0f41e6046055462a6b4837fdf509f403e01f3a3c46899548ec0ee9fbfdc

  • SHA512

    a1dc7fbfe4009bf5aa44262399dd1caf18f7901e3c5ee70540ad58ab5a668db6040c461ff2debfbfb5edad0fec524193249fbb8313263772be65348369b707eb

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • C2

    http://www.containerflippers.com/np0c/

  • Decoy

    spartansurebets.com
    threelakestradingco.com
    metaspace.global
    zjenbao.com
    directlyincluded.press
    peterchadri.com
    learnhousebreaking.com
    wonobattle.online
    leadate.com
    shebafarmscali.com
    top4thejob.online
    awakeyourfaith.com
    bedford-st.com
    lolwhats.com
    cucurumbel.com
    lokalbazaar.com
    matter.pro
    eastcountyanimalrescue.com
    musesgirl.com
    noordinarydairy.com

Targets

    • Target

      5db1b401d54eb87dfe5260ba2f3a4077b692aac3

    • Size

      612KB

    • MD5

      bdc8aab5dc8803a80050a28c39171069

    • SHA1

      5db1b401d54eb87dfe5260ba2f3a4077b692aac3

    • SHA256

      6444b0f41e6046055462a6b4837fdf509f403e01f3a3c46899548ec0ee9fbfdc

    • SHA512

      a1dc7fbfe4009bf5aa44262399dd1caf18f7901e3c5ee70540ad58ab5a668db6040c461ff2debfbfb5edad0fec524193249fbb8313263772be65348369b707eb

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook Payload

    • Suspicious use of SetThreadContext
