General

  • Target

    PURCHASE ORDER I 5083.exe

  • Size

    484KB

  • Sample

    210927-jx8k2agacj

  • MD5

    d00582b716d424ee1a7cb7b9512a8ae4

  • SHA1

    f8db547e1607c97c16f81a68998be1f4d1e2625c

  • SHA256

    7e2a14525c0058bca08d945d2358fc629e3080cc111d271253e061a4be0bde17

  • SHA512

    bbed76e76b8853163c3d2218d6f7104ca7ee980504a7f75ef95a03857a2a8862370df7ea65fc63c54b3138b0bfb829dc065a9912a4c736deae0322a4105d130a

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    ergs

  • C2

    http://www.iselotech.com/ergs/

Decoy


Targets


    • Formbook

      Formbook is an information-stealing malware family.

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

    • Formbook Payload

    • Deletes itself

    • Suspicious use of SetThreadContext
