General

  • Target: PO-cleaned
  • Size: 409KB
  • Sample: 211009-cybt5afaa8
  • MD5: 853ad4310c24729308145fc31680db4c
  • SHA1: 6540e372ca87a3135e9567309645012520c16c90
  • SHA256: d6e08d0aa04b1219afbedaacaca15792fed2af462a5a95eb9a753b2d5c3bafa4
  • SHA512: e300b9239001e24173256b505daaf537242c090eee657f31794007814795d8017a1551ac3897985b071631ad6f79dd2ccf00d53a5a7db14d94a9c39a3aeba13a

Malware Config

Extracted

  • Family: formbook
  • Version: 4.1
  • Campaign: ed9s
  • C2: http://www.vaughnmethod.com/ed9s/
  • Decoy


Targets

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook Payload

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks