General

  • Target

    e78c85674617f34a2f69ffc8da6a3c48.exe

  • Size

    521KB

  • Sample

    211027-pmrgnaega7

  • MD5

    e78c85674617f34a2f69ffc8da6a3c48

  • SHA1

    9bfa82536dc11203b91441158dc5b8752126402e

  • SHA256

    342bac531d9b15d642629e91af8944289af752dd5d70c687e39cefe9a14dc81d

  • SHA512

    982e4325121967576f12ec8710e4397e0118b41524ed14f7581f44b5641bb7b574e2a64f01f3b132d595058e0d76f822ae7d197af6290cea9f19f86a9feb27ce

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

jy0b

C2

http://www.filecrev.com/jy0b/

Decoy

lamejorimagen.com

mykabukibrush.com

modgon.com

barefoottherapeutics.com

shimpeg.net

trade-sniper.com

chiangkhancityhotel.com

joblessmoni.club

stespritsubways.com

chico-group.com

nni8.xyz

searchtypically.online

jobsyork.com

bestsales-crypto.com

iqmarketing.info

bullcityphotobooths.com

fwssc.icu

1oc87s.icu

usdiesel.xyz

secrets2optimumnutrition.com

Targets

    • Target

      e78c85674617f34a2f69ffc8da6a3c48.exe

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook Payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks