General

  • Target

    mpomzx.exe

  • Size

    400KB

  • Sample

    211007-zkpkdschb7

  • MD5

    86d0a0cbb77b6157d2da7ab7b5d1c2be

  • SHA1

    673a336d59fd3b168ee8849791d39e77407aae9c

  • SHA256

    fedeb19031bcc0941b0943dd3ed45ee6095b8c489c072c85e513b414abf8acf5

  • SHA512

    ec6d0ccd17365780314a6cfdee612aa3486f0cc21e4a90e4030c086203dd022094c85a2999f98fddfb8982ebbf49a3925010e856368545e6c9eda63a941cac63

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

vngb

C2

http://www.gvlc0.club/vngb/

Decoy

omertalasvegas.com

payyep.com

modasportss.com

gestionestrategicadl.com

teamolemiss.club

geektranslate.com

versatileventure.com

athletic-hub.com

vitanovaretreats.com

padison8t.com

tutoeasy.com

ediblewholesale.com

kangrungao.com

satode.com

prohibitionfeeds.com

getmorevacations.com

blinkworldbeauty.com

kdlabsallr.com

almanasef.com

transportationservicellc.com

Targets

    • Target

      mpomzx.exe

    • Size

      400KB

    • MD5

      86d0a0cbb77b6157d2da7ab7b5d1c2be

    • SHA1

      673a336d59fd3b168ee8849791d39e77407aae9c

    • SHA256

      fedeb19031bcc0941b0943dd3ed45ee6095b8c489c072c85e513b414abf8acf5

    • SHA512

      ec6d0ccd17365780314a6cfdee612aa3486f0cc21e4a90e4030c086203dd022094c85a2999f98fddfb8982ebbf49a3925010e856368545e6c9eda63a941cac63

    • Formbook

      Formbook is an information stealer: it hooks browsers and other applications to harvest submitted form data, saved credentials, keystrokes and clipboard contents, and posts the results to its C2 over HTTP. The extracted config above pads the single real C2 with a list of decoy domains, so only the C2 URL should be treated as a blockable indicator.

    • Formbook Payload

    • Deletes itself

    • Suspicious use of SetThreadContext
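Added triage example (not part of the sandbox report): a Python script that parses the extracted config listed under Malware Config into indicators, separates the real C2 from the decoy domains so that the decoys (legitimate sites) are not blocked by mistake, emits a Suricata rule for the C2 beacon, and checks a file's hashes against the values under Targets. The embedded config block carries the C2, campaign and the first six decoys copied from this page; the proxy log lines and their format are constructed, and the Suricata SID is an arbitrary local number.

```python
"""FormBook config triage helper. Added example, not sandbox output."""
import hashlib
from urllib.parse import urlsplit

# Values copied from the report's Malware Config section (decoy list truncated).
CONFIG_TEXT = """
Family
formbook
Version
4.1
Campaign
vngb
C2
http://www.gvlc0.club/vngb/
Decoy
omertalasvegas.com
payyep.com
modasportss.com
gestionestrategicadl.com
teamolemiss.club
geektranslate.com
"""

# Hashes copied from the report's Targets section.
REPORT_HASHES = {
    "md5": "86d0a0cbb77b6157d2da7ab7b5d1c2be",
    "sha1": "673a336d59fd3b168ee8849791d39e77407aae9c",
    "sha256": "fedeb19031bcc0941b0943dd3ed45ee6095b8c489c072c85e513b414abf8acf5",
}

KEYS = ("Family", "Version", "Campaign", "C2", "Decoy")


def parse_config(text):
    """Turn the flat 'Key / value' listing into structured indicators."""
    raw, key = {}, None
    for ln in (l.strip() for l in text.splitlines()):
        if not ln:
            continue
        if ln in KEYS:
            key = ln
            raw.setdefault(key, [])
        elif key:
            raw[key].append(ln)
    c2 = urlsplit(raw["C2"][0])
    return {
        "family": raw["Family"][0],
        "version": raw["Version"][0],
        "campaign": raw["Campaign"][0],
        "c2_host": c2.hostname.lower(),
        "c2_path": c2.path,              # FormBook puts the campaign id in the URI
        "decoys": {d.lower() for d in raw["Decoy"]},
    }


def classify_request(host, path, cfg):
    """'c2' only for the real controller; decoys are legitimate domains."""
    host = host.lower().rstrip(".")
    if host == cfg["c2_host"]:
        return "c2" if path.startswith(cfg["c2_path"]) else "c2-host"
    bare = host[4:] if host.startswith("www.") else host
    return "decoy" if bare in cfg["decoys"] else "benign"


# Constructed proxy log: epoch, client, method, URL (format is an assumption).
PROXY_LOG = """\
1633640001 10.0.0.15 GET http://www.gvlc0.club/vngb/?id=abc
1633640002 10.0.0.15 GET http://payyep.com/
1633640003 10.0.0.22 GET http://example.org/index.html
"""


def triage_log(text, cfg):
    """Return (client, host, verdict) for every request in the log."""
    out = []
    for ln in text.strip().splitlines():
        _ts, client, _method, url = ln.split(maxsplit=3)
        u = urlsplit(url)
        out.append((client, u.hostname, classify_request(u.hostname, u.path, cfg)))
    return out


def suricata_rule(cfg, sid=9000001):
    """Suricata 5+ rule matching the C2 host and campaign path only (no decoys)."""
    return (
        'alert http $HOME_NET any -> $EXTERNAL_NET any ('
        f'msg:"FormBook {cfg["campaign"]} C2 beacon"; flow:established,to_server; '
        f'http.host; content:"{cfg["c2_host"]}"; '
        f'http.uri; content:"{cfg["c2_path"]}"; startswith; '
        f'sid:{sid}; rev:1;)'
    )


def hashes_of(data):
    """Compute the digests the report lists, for comparison with REPORT_HASHES."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(data):
    """True only if every listed digest of data equals the report's value."""
    return hashes_of(data) == REPORT_HASHES


if __name__ == "__main__":
    cfg = parse_config(CONFIG_TEXT)
    for client, host, verdict in triage_log(PROXY_LOG, cfg):
        print(f"{client:12} {host:25} {verdict}")
    print(suricata_rule(cfg))
```

The classifier returns `c2-host` for traffic to www.gvlc0.club outside the /vngb/ path because the same host may serve other campaigns; a `decoy` verdict is informational only and should not trigger blocking.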
