General

  • Target: CSA73881.exe

  • Size: 2.1MB

  • Sample: 220808-pmf1xsafbr

  • MD5: 3ed3236517a40602d654555bc912d926

  • SHA1: 16dc042b543fe473703e711844f508d353d6d6af

  • SHA256: 3702b6cfa76e492d56bd9da5f99f7ff805e32c16b3840ee66bb13a812f5d3155

  • SHA512: 05c6c1d72929e8221522452ce757467a05b07a6e6a8a85ef6f0f16f8dc052068fdb54636f8526dd0eeea7c9fe743dcc4eba6fb84f36cc4a3bbc82b7d057f93d2

Malware Config

Extracted

  • Family: formbook

  • Version: 4.1

  • Campaign: mh76

  • Decoy

Targets

    • Target: CSA73881.exe

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook payload

    • Suspicious use of SetThreadContext
