General

  • Target

    HENTEC12834.exe

  • Size

    530KB

  • Sample

    211021-jqz1baaab6

  • MD5

    5ede73c34f56df7353c2516b0b544d3d

  • SHA1

    3245d570c89fb1e5e4ff7f216aa6cb12099726e2

  • SHA256

    bb6c08035fd7dc06d3ace7952af7bd640c45c548e087dba1deaa45f1861b0077

  • SHA512

    5adf0752e70c5a04eabf3a5eb8d0694836e510421cf87057410bb95e4085fb6cb775793b27fc97a32ba7ff06276bfacd23e7090c42a62b45cef220e005f0d07e

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

s2wt

C2

http://www.neumanesseriran.com/s2wt/

Decoy


Targets

    • Target

      HENTEC12834.exe

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook Payload

    • Deletes itself

    • Suspicious use of SetThreadContext
