General

  • Target

    83cc8405d694c0e1b3d7211202265f00

  • Size

    1010KB

  • Sample

    210819-vryzcnsvn2

  • MD5

    83cc8405d694c0e1b3d7211202265f00

  • SHA1

    5195443ab0c20c2b192aa18e911a002363069c64

  • SHA256

    e2c11a82ce76ab32b7033c6d47081c6c44fe2288211fe0af6202f3333196cbe6

  • SHA512

    bae273059ca86bbd6b078a658c1002b6d148a9dd69d75fc5ad9472240c6b3fbf824a229f7184bfca1e5867a264db37b60c1ad25792747d1561f38764eb74138e

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    nff

  • C2

    http://www.yellow-wink.com/nff/

  • Decoy

    shinseikai.site
    creditmystartup.com
    howtovvbucks.com
    betterfromthebeginning.com
    oubacm.com
    stonalogov.com
    gentrypartyof8.com
    cuesticksandsupplies.com
    joelsavestheday.com
    llanobnb.com
    ecclogic.com
    miempaque.com
    cai23668.com
    miscdr.net
    twzhhq.com
    bloomandbrewcafe.com
    angcomleisure.com
    mafeeboutique.com
    300coin.club
    brooksranchhomes.com

Targets

    • Target

      83cc8405d694c0e1b3d7211202265f00

    • Size

      1010KB

    • MD5

      83cc8405d694c0e1b3d7211202265f00

    • SHA1

      5195443ab0c20c2b192aa18e911a002363069c64

    • SHA256

      e2c11a82ce76ab32b7033c6d47081c6c44fe2288211fe0af6202f3333196cbe6

    • SHA512

      bae273059ca86bbd6b078a658c1002b6d148a9dd69d75fc5ad9472240c6b3fbf824a229f7184bfca1e5867a264db37b60c1ad25792747d1561f38764eb74138e

    • Formbook

      Formbook is a data-stealing malware family (an information stealer).

    • Formbook Payload

    • Suspicious use of SetThreadContext
