General

  • Target

    PO JREL0036 202R2.exe

  • Size

    959KB

  • Sample

    210909-shaj5abecr

  • MD5

    031b19f1f116244a1b5f1f29b59f9dfa

  • SHA1

    f735b258c06129b0c52d58be23a2a0f1729ace90

  • SHA256

    0cdbab37f443dbdc7fb7aecc5e0b8dfb7b25b7d665397194bb8a137e9b01d44f

  • SHA512

    1f6b1a208e42e64a26f242eb77c63779fe637dd48acdf4ba0c9c2931be587d1c91569938a31c15a24dc945e6880a550ab2db494785d35a643bf37ac9f6bab16e

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ergs

C2

http://www.barry-associates.com/ergs/

Decoy


Targets

    • Formbook

      Formbook is a data-stealing malware family.

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

    • Formbook Payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks