General

  • Target

    i.exe

  • Size

    184KB

  • Sample

    210915-qnd4dsafh7

  • MD5

    48b24158c7b2341d055247bd88fee424

  • SHA1

    d3660fde586f02d78a3bc05343259339a3316700

  • SHA256

    0d8185c48b78c9635ff6b2f06b2ad6a8981012af8a9a8b33a010348d3520a62d

  • SHA512

    d301e570359f666c13396953cc6fca9db81dad9a7830685bd4d31cced34f7bd02f383e8709ada1a359175f4b7562ed0fd2b7c3d0cc2cdcf6a8f4f9cd401b71e4

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    s3dy

  • C2

    http://www.livelifevibrantcourse.com/s3dy/

  • Decoy

    ravlygte.info
    marketnewsville.online
    flooring-envy.com
    flavourhouston.com
    donghohanghieunam.com
    globleitsolutions.com
    digitalgraphicarts.com
    cupidbeautybar.com
    cannavybes.com
    negative-dsp.com
    littledali.com
    meltwatersoftware.info
    blackdogland.com
    danasales.com
    mississippiscorecard.com
    mainesmoker.com
    sirenxinlilzixun.com
    tychehang.com
    gentciu.com
    weckloltd.com

Targets

    • Target

      i.exe

    • Size

      184KB

    • MD5

      48b24158c7b2341d055247bd88fee424

    • SHA1

      d3660fde586f02d78a3bc05343259339a3316700

    • SHA256

      0d8185c48b78c9635ff6b2f06b2ad6a8981012af8a9a8b33a010348d3520a62d

    • SHA512

      d301e570359f666c13396953cc6fca9db81dad9a7830685bd4d31cced34f7bd02f383e8709ada1a359175f4b7562ed0fd2b7c3d0cc2cdcf6a8f4f9cd401b71e4

    • Formbook

      Formbook is an information-stealing malware family (infostealer).

    • Formbook Payload

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks