General

  • Target: PO 1,5001993 21118.exe
  • Size: 542KB
  • Sample: 210928-k2jcdabbh3
  • MD5: 65d36801e01e7b2053c838e56f64c0d7
  • SHA1: 964079668438ed102da00cfc0fc82e44ab55c45f
  • SHA256: f5400b800544782acf9e16a80368cef1b36eed0e63fd0200523f3d38c54162e9
  • SHA512: 88ac2c1faf66aea16dd9b0f5cc312d4d130874b505d20ae7dfbfb8e93a4c7ec19f7931a5dc67a2e8b70e98084461c5d50c7a140925c87df30474c63aae27388b

Malware Config

Extracted

  • Family: formbook
  • Version: 4.1
  • Campaign: ergs
  • C2: http://www.iselotech.com/ergs/

Decoy

Targets

    • Formbook: Formbook is a data-stealing malware family.
    • Formbook Payload
    • Deletes itself
    • Suspicious use of SetThreadContext
