Overview

overview

10

Static

static

1

PO2847310.exe

windows7_x64

10

PO2847310.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    PO2847310.exe

  • Size

    414KB

  • Sample

    220126-h5htxaadcl

  • MD5

    bc4b7eea8a9c64a1cd66a209ce48125c

  • SHA1

    9a78326725fc0966047f102c375ae669509eda89

  • SHA256

    4a1a658896edc2f583967722a2115b8d69442b6448e330c1e5995ce5d431282f

  • SHA512

    f844860beff214f572ae6e95b9488cb75d8440343766561ffd5162663794d930e669aee0d7df828653a0f51778a9c6254383893ecbdf0b5df50461d00cc4ccc5

Score
10/10
formbookw24yratspywarestealersuricatatrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

w24y

Decoy

17zuqiu8.com

gotdangog.com

olvacouriertrujillo.com

jun2199.com

pupmetaverse.com

ttoo.site

xn--74k-4v2i.com

boskal.space

sj0668.icu

billsflive.com

thevisonllc.com

curatedchannelmarketing.com

paintpartyohio.com

carsharingvalet.com

poohcrush.com

healthycattreatoptions.club

domaincloud.tech

mrandmrsbatten.com

vermaatvloeren.com

baoziji8.icu

Targets

    • Target

      PO2847310.exe

    • Size

      414KB

    • MD5

      bc4b7eea8a9c64a1cd66a209ce48125c

    • SHA1

      9a78326725fc0966047f102c375ae669509eda89

    • SHA256

      4a1a658896edc2f583967722a2115b8d69442b6448e330c1e5995ce5d431282f

    • SHA512

      f844860beff214f572ae6e95b9488cb75d8440343766561ffd5162663794d930e669aee0d7df828653a0f51778a9c6254383893ecbdf0b5df50461d00cc4ccc5

    Score
    10/10
    formbookw24yratspywarestealersuricatatrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata

    • Formbook Payload

      rat

    • Deletes itself

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks