General

  • Target

    obizx[1].exe (1).unsafe

  • Size

    463KB

  • Sample

    211123-z9sckseec3

  • MD5

    0a71c35dcbffd0f54fdc5ec7145f499e

  • SHA1

    fd7ddf557fb83b3e80d5e674ce8f30d437f83e81

  • SHA256

    22c24f925b1d70e1978f7a5acd9eddd8917d42681d0fc763639f568f93224e2d

  • SHA512

    b46c3a6d787d6eb5948fb9b1393a9c637d8423fa0ca8226689efd0e91d83eeffde40050f0701aab09e80211a347547118c79cffbd7bcbde3df4b2d29a8469b91

Malware Config

  • Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    ob7y

  • C2

    http://www.metanewsroom.net/ob7y/

  • Decoy

Targets

    • Formbook

Formbook is an information-stealing malware family that harvests credentials and other data from infected hosts.

    • Formbook Payload

    • Deletes itself

    • Suspicious use of SetThreadContext
