General

  • Target

    016a2ec587bcda6c0df1e5188bfeca7b

  • Size

    978KB

  • Sample

    210819-wcp2h7b4rx

  • MD5

    016a2ec587bcda6c0df1e5188bfeca7b

  • SHA1

    fad0fecd43d5fa3c1507551b598177eac236ee7b

  • SHA256

    3cb62c9b4ec92c70df9795f481ccb5b50fd4f260441c23edcaf97c23396bf502

  • SHA512

    6fb607055367e887eb749862bf6bbb6b2f4682bdfb4a695a0d83acd2124bab4b57438c30712ca25e4827f530cf1a5531869c3766725a29cc0fdfbdb31f5a95a0

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

kzk9

C2

http://www.yourmajordomo.com/kzk9/

Decoy

Targets

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook Payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks