General

  • Target

    Factura proforma.zip

  • Size

    487KB

  • Sample

    210728-pnynwaak6n

  • MD5

    89b49476f3eb66a9d00466cca519d692

  • SHA1

    65c1f2b6cc40b585ffa3f3d23bfee5cf6663d22b

  • SHA256

    a94f859b074c88767d674c6d80eadbb565d8d3d2ae705e14b174666913381c88

  • SHA512

    814471f27fd75a7781b1069b2e16e56568216e3e22731e9fe28c33ad0bc27ab6d3462b09b2882fc90e5faaac8ee3c1b7134d1b4bff62e6e2ffaf4a1a3ff3206e

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • C2

    http://www.constructioncleanup.pro/vd9n/

  • Decoy


Targets

    • Target

      Factura proforma.exe

    • Size

      604KB

    • MD5

      e1e7b17c9e0a298346b82f04fabd4f60

    • SHA1

      735264e7cd43dca269582680ce3609eb5cac0418

    • SHA256

      239a8da808d8c8af3c89dda0bfeec6ab1f28a65fefca254e42ac993ee887abd0

    • SHA512

      929478f7a8a88cbbd7a31891cf886a24608bbbfcf5128d5e4683e50aa7cb916b1216194e2186eb2ea51c7511caecb4fac03fda3ae037dc22ceaf7522f6577f32

    • Formbook

      Formbook is an information-stealing malware family.

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

    • CustAttr .NET packer

      Detects CustAttr .NET packer in memory.

    • Formbook Payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks