Overview

overview

10

Static

static

b19143d7e7...6d.exe

windows7_x64

10

b19143d7e7...6d.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b19143d7e738e319d499fad66a36356d

  • Size

    894KB

  • Sample

    210811-hhfy4xm6zn

  • MD5

    b19143d7e738e319d499fad66a36356d

  • SHA1

    99688c6d9c0d10adc771320f6d6bee5aee80daa8

  • SHA256

    29df0bb962a305621b5f1d2a5cf0eaeae9381872e2a329230e833e6db7c999fa

  • SHA512

    1b88faad56c95a019e8586650cab752ebd4f2dc35f34123a9d9c2dbe158728efdb032358d35dbad806a1e39603cdaf3bda51708d2e3c7b0dcd60ded45c3e3711

Score
10/10
formbookkzk9ratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

kzk9

C2

http://www.yourmajordomo.com/kzk9/

Decoy

tianconghuo.club

1996-page.com

ourtownmax.net

conservativetreehose.com

synth.repair

donnachicacreperia.com

tentfull.com

weapp.download

surfersink.com

gattlebusinessservices.com

sebastian249.com

anhphuc.company

betternatureproducts.net

defroplate.com

seattlesquidsquad.com

polarjob.com

lendingadvantage.com

angelsondope.com

goportjitney.com

tiendagrupojagr.com

Targets

    • Target

      b19143d7e738e319d499fad66a36356d

    • Size

      894KB

    • MD5

      b19143d7e738e319d499fad66a36356d

    • SHA1

      99688c6d9c0d10adc771320f6d6bee5aee80daa8

    • SHA256

      29df0bb962a305621b5f1d2a5cf0eaeae9381872e2a329230e833e6db7c999fa

    • SHA512

      1b88faad56c95a019e8586650cab752ebd4f2dc35f34123a9d9c2dbe158728efdb032358d35dbad806a1e39603cdaf3bda51708d2e3c7b0dcd60ded45c3e3711

    Score
    10/10
    formbookkzk9ratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook Payload

      rat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks