General

  • Target

    966839ee96aef44275cf750220e9f3abbbbbcda2ddb12b98754da0a95e952520.exe

  • Size

    829KB

  • Sample

    210824-rw7thbmy46

  • MD5

    8451c2a517986544d0ccdc58c5118a6f

  • SHA1

    821c08b1e2d3a450588ffb734c27e67ceab1f03c

  • SHA256

    966839ee96aef44275cf750220e9f3abbbbbcda2ddb12b98754da0a95e952520

  • SHA512

    ce82fd6e40834e84e149e43e3423eb2b38fbc3472b23a816fa844ece90bf41e8b1ee41fa464f99943f7ccfe9e5d43a03bae5c45c87c5b3a670958a8a6c65fd04

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    n7ak

  • C2

    http://www.kmresults.com/n7ak/

  • Decoy

    modischoolcbse.com
    theneverwinter.com
    rszkjx-vps-hosting.website
    fnihil.com
    1pbet.com
    nnowzscorrez.com
    uaotgvjl.icu
    starmapsqatar.com
    ekisilani.com
    extradeepsheets.com
    jam-nins.com
    buranly.com
    orixentertainment.com
    rawtech.energy
    myol.guru
    utex.club
    jiapie.com
    wowig.store
    wweidlyyl.com
    systaskautomation.com

Targets

    • Target

      966839ee96aef44275cf750220e9f3abbbbbcda2ddb12b98754da0a95e952520.exe

    • Size

      829KB

    • MD5

      8451c2a517986544d0ccdc58c5118a6f

    • SHA1

      821c08b1e2d3a450588ffb734c27e67ceab1f03c

    • SHA256

      966839ee96aef44275cf750220e9f3abbbbbcda2ddb12b98754da0a95e952520

    • SHA512

      ce82fd6e40834e84e149e43e3423eb2b38fbc3472b23a816fa844ece90bf41e8b1ee41fa464f99943f7ccfe9e5d43a03bae5c45c87c5b3a670958a8a6c65fd04

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook Payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks