General

  • Target

    7e6941867ebd9aeb6ca816a7fd3fc190

  • Size

    348KB

  • Sample

    211026-r1wpmshga2

  • MD5

    7e6941867ebd9aeb6ca816a7fd3fc190

  • SHA1

    d800272e4e9dd8eb2545378c375bf7b287c61675

  • SHA256

    21aa20c4adfe3bea202c5e1d3915072546ee0b927060e02e8c57ffc54caef90a

  • SHA512

    6df5f59b1f0c314c1583dacc3ac9ff6a6df71b46949507f497544765ccc36e5b5162886af5f741e371d4e0cd9efcdc19170c120b14e9d4127814cc4f6fa180d4

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    s18y

  • C2

    http://www.agentpathleurre.space/s18y/

  • Decoy

    jokes-online.com
    dzzdjn.com
    lizzieerhardtebnaryepptts.com
    interfacehand.xyz
    sale-m.site
    block-facebook.com
    dicasdamadrinha.com
    maythewind.com
    hasari.net
    omnists.com
    thevalley-eg.com
    rdfj.xyz
    szhfcy.com
    alkalineage.club
    fdf.xyz
    absorplus.com
    poldolongo.com
    badassshirts.club
    ferienwohnungenmv.com
    bilboondokoak.com

Targets

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook Payload

    • Suspicious use of SetThreadContext
