General

  • Target

    PURCHASE ORDER 29kva.exe

  • Size

    713KB

  • Sample

    210929-qf3rsafac9

  • MD5

    cf92b80bd587ac1498dd3e37fee96af7

  • SHA1

    ecaef1532016cc58333ddff64ace07d2a51bde72

  • SHA256

    727d99fbf5a7d58b50ea62f289cf59b251ffe3e6f5d9487f7716127654e6e32a

  • SHA512

    cd07ba0d3b511144afd2246778103ac1ce9db31f9df6ac7dd86c3a08600682242cf1069a54e36da7e96041d084aed950e5d899510f08a676434848fe8f350fb3

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    ergs

  • C2

    http://www.iselotech.com/ergs/

  • Decoy


Targets

    • Target

      PURCHASE ORDER 29kva.exe

    • Formbook

      Formbook is an information-stealing malware family that harvests credentials and other data from infected hosts.

    • Formbook Payload

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks