General

  • Target

    pfr 80954820021.exe

  • Size

    702KB

  • Sample

    210908-wxmpsaehd9

  • MD5

    a59ac7b2bcf00d4d15a9a010d56139b0

  • SHA1

    09e4feef7b72c18b90b589f0d3f7f4fccba1664c

  • SHA256

    83b3d86539fd63f97b860e86c3e61b4e2c64dc1ff2936566d5bda292ab6e478d

  • SHA512

    a97e111d09fc0319552101ce3aa3e20e7e20e8ca6bfd2e0a51191bb15de98b0cd323f845382dea87a370433e9608e01c70c5edb20a657963c708134cc6136248

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ergs

C2

http://www.barry-associates.com/ergs/

Decoy

jardineriavilanova.com

highkeyfashionboutique.com

willingtobuyyourhouse.com

ysfno.com

bjkhjzzs.com

hexmotif.com

intentionalerror.com

nuu-foundfreedom.com

catalystspeechservices.com

blackmybail.com

xntaobaozhibo.com

site-sozdat.online

45quisisanadr.com

ipawlove.com

yifa5188.com

admm.email

houseoftealbh.com

scale-biz.com

vdvppt.club

loveandlight.life

Targets

    • Target

      pfr 80954820021.exe

    • Formbook

      Formbook is an information-stealing malware family that harvests data from infected hosts.

    • Formbook Payload

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks