General

  • Target

    1.exe

  • Size

    184KB

  • Sample

    210917-k7ydgsfbb8

  • MD5

    b40cb0308a54ac1d3b997a74afa5d760

  • SHA1

    d114b90c7838201624a3faf512d00c74095baa16

  • SHA256

    561bedc1d6d589037ade015eb53f01c045fbd770982e04dc1b7a2acc677d67f4

  • SHA512

    e7e47000809d41cfcb9f82976fbf8972c1c3f6783f39a44234d6e4c519709e3bf82abddd072128630734d5297a0bca1471fb7a1377b9340b4e0b438c86b598a4

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

3nop

C2

http://www.jakesplacebarbers.com/3nop/

Decoy

videohm.com

panache-rose.com

alnooncars-kw.com

trueblue2u.com

brussels-cafe.com

ip2c.net

influenzerr.com

rbcoq.com

zzful.com

drainthe.com

sumaholesson.com

cursosaprovados.com

genotecinc.com

dbrulhart.com

theapiarystudios.com

kensyu-kan.com

dkku88.com

tikhyper.com

aztecnort.com

homebrim.com

Targets

    • Formbook

      Formbook is a data-stealing malware family (information stealer).

    • Formbook Payload

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks