Overview

overview

10

Static

static

S.O.A.exe

windows7_x64

10

S.O.A.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    S.O.A.exe

  • Size

    813KB

  • Sample

    211020-198j8saedp

  • MD5

    10f79865e6d977fa0d9f5d4a12ac7fac

  • SHA1

    c05d245928e4c06f1591187d595786ffcb57584a

  • SHA256

    e6cb9330e6bbd16bdd58aac76070200e17389a45c4aead703d4ab970038ff8a2

  • SHA512

    5ba202c0fcf9dbffd0dbf3a1310978469c55a764876eddc2d02e66f01e707890de510a73595d43cf1f6b7c7769b4e2a756abe75d48f805aae34d78d8709b500c

Score
10/10
formbooksnr6ratspywarestealersuricatatrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

snr6

C2

http://www.reynbetgirisi.com/snr6/

Decoy

jjglassmi1.com

vpsseattle.com

drfllc.top

staycoolonline.com

eptlove.com

solusimatasehat.site

ionrarecharlestonproperties.com

b3eflucg.xyz

tvchosun-usa.com

mmahzxwzsadqlshop.life

gospelimport.com

demoapps.website

jackburst54.com

99rocket.education

ccbwithbri.com

trapperairsoft.com

useroadly.com

ralphlaurenonline-nl.com

loanmaster4u.com

champ-beauty-tomigaoka-nail.com

Targets

    • Target

      S.O.A.exe

    • Size

      813KB

    • MD5

      10f79865e6d977fa0d9f5d4a12ac7fac

    • SHA1

      c05d245928e4c06f1591187d595786ffcb57584a

    • SHA256

      e6cb9330e6bbd16bdd58aac76070200e17389a45c4aead703d4ab970038ff8a2

    • SHA512

      5ba202c0fcf9dbffd0dbf3a1310978469c55a764876eddc2d02e66f01e707890de510a73595d43cf1f6b7c7769b4e2a756abe75d48f805aae34d78d8709b500c

    Score
    10/10
    formbooksnr6ratspywarestealersuricatatrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata

    • Formbook Payload

      rat

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks