General

  • Target

    655400c95408ab33a90686b581a100d0

  • Size

    493KB

  • Sample

    211019-g8xxkagbhr

  • MD5

    655400c95408ab33a90686b581a100d0

  • SHA1

    a4974a824b80db98d20dc11893cd958a937f6078

  • SHA256

    a0cea434baf3e56def0762e975e5c623c47f5ed75edbb6826ee594e260832c31

  • SHA512

    ba2e84679fab21e39381b42aae91cb538de922e5a4770e061c40904028a2347e6b324bd49aba37e846c85b1309da6e4b9c4ee9b4c672ccf4be4ed73c9af6c5d7

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

kzk9

C2

http://www.yourmajordomo.com/kzk9/

Decoy

Targets

    • Formbook

      Formbook is a data-stealing malware family (information stealer).

    • Formbook Payload

    • Suspicious use of SetThreadContext
