Overview

overview

10

Static

static

1

RT3051026.exe

windows7_x64

10

RT3051026.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    RT3051026.exe

  • Size

    251KB

  • Sample

    211026-vaqx9ahhh2

  • MD5

    85ec8033b08a339d131abcf8746db957

  • SHA1

    d6364dccd2fff8640cb092bae5af2f41de0fad8e

  • SHA256

    0c36467c738ac49e2b04f05ebcdc3d9144727758b2e844bd91be84bff3f94956

  • SHA512

    51a71d1b7ada6f45dc80abb970a83d1ba35646e20a2511cc6bc400912df38c3cb7c7561f65173292c1f75bbfd8cae6159cc249d727d1748746a053dacc25aff5

Score
10/10
formbookmg0tratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

mg0t

C2

http://www.q0yczwyc.asia/mg0t/

Decoy

3949842.com

webxdigital.net

dirums.online

metawiser.com

takefreepass.com

colphata.com

searchwebsafety.online

unrule.net

merch.ventures

tooreake.xyz

leonelaperu.com

qiangcai.xyz

cocco24.com

lovinganime.com

mbfad.com

historytodaygameshow.com

gadgetwellprotected.com

nutritoken-diet.com

liberty-lilies.com

singleofficial.com

Targets

    • Target

      RT3051026.exe

    • Size

      251KB

    • MD5

      85ec8033b08a339d131abcf8746db957

    • SHA1

      d6364dccd2fff8640cb092bae5af2f41de0fad8e

    • SHA256

      0c36467c738ac49e2b04f05ebcdc3d9144727758b2e844bd91be84bff3f94956

    • SHA512

      51a71d1b7ada6f45dc80abb970a83d1ba35646e20a2511cc6bc400912df38c3cb7c7561f65173292c1f75bbfd8cae6159cc249d727d1748746a053dacc25aff5

    Score
    10/10
    formbookmg0tratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook Payload

      rat

    • Deletes itself

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks