General

  • Target

    obizx.exe

  • Size

    407KB

  • Sample

    211020-t64njshch9

  • MD5

    49d580ed801dcd3c12a2bf56e82a3baa

  • SHA1

    ee97619d2e4a2dcec42a9a184fdead03b3016690

  • SHA256

    2776237004407d8c72906ce72050cda1b0d9abeb20e313abf7a98e6fea03ce8d

  • SHA512

    fbf3c5c087a96b70c9e1f95f17084fbb671f3f1fbaf5050ed4617ee869eef0c4b0365b48a07ca7a480f14ba682b3b89e246c2b15c4bea562e2099b8fbf4f6485

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    fkt8

  • C2

    http://www.grampianscottages.com/fkt8/

  • Decoy

    chosenvoicesrising.com
    sinanbodur.com
    ajayforchange.com
    ucp.coffee
    voteyatooma.com
    budgetsignsco.com
    greenscheme.xyz
    bscvbuye.xyz
    onlineslot.website
    posta-sk-online.com
    lawrencesmithart.com
    clubbiohack.com
    rancrypto.net
    ankitanandroy.com
    mdexam.info
    rochx7.com
    experiencegreatness.site
    rooferseeker.com
    xy-marine.com
    tecnograss.com

Targets

    • Target

      obizx.exe (407KB; MD5, SHA1, SHA256 and SHA512 as listed under General)

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook Payload

    • Deletes itself

    • Suspicious use of SetThreadContext
