General

  • Target

    PO# 11381.exe

  • Size

    397KB

  • Sample

    211014-xkskyaabd9

  • MD5

    358bd28cc6d56ab308c4a413b2de32f5

  • SHA1

    88178d1f6e0ad8f120a542f1314f5f4dd907f6ff

  • SHA256

    cadf6d6a91c8c4e8576468e393638eb7ee477490c5a8a7d0fe9e919b6a6d93ec

  • SHA512

    a52182f20b732e9fc37cb0b163b6378b8720209a1c6670decf95c4f518afe927d367ebb69cadb8483abbb0e32cbd218ef256764ad66fb109fd577eb039545973

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    fv89

  • C2

    http://www.keyplus.digital/fv89/

  • Decoy

    explaodingkittens.com
    terapisanak.com
    wearenlcs.com
    bbcwin128.com
    gyrotrader.com
    pamvagata.com
    1stoplendinggroup.store
    sedukapug.rest
    practicepicnic.com
    moonmonkeyventureclub.com
    theaveragedude.com
    theintegritytalks.com
    andesadventureperu.com
    helmrad.com
    thurmaniniguezdqkaogyzkbus.com
    computetecs.com
    regionsi.com
    bestyounggirls.site
    funnelmymoney.com
    hardrocktransport.online

Targets

    • Target

      PO# 11381.exe

    • Size

      397KB

    • MD5

      358bd28cc6d56ab308c4a413b2de32f5

    • SHA1

      88178d1f6e0ad8f120a542f1314f5f4dd907f6ff

    • SHA256

      cadf6d6a91c8c4e8576468e393638eb7ee477490c5a8a7d0fe9e919b6a6d93ec

    • SHA512

      a52182f20b732e9fc37cb0b163b6378b8720209a1c6670decf95c4f518afe927d367ebb69cadb8483abbb0e32cbd218ef256764ad66fb109fd577eb039545973

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook Payload

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks