Overview

overview

10

Static

static

brazil order.scr

windows7-x64

10

brazil order.scr

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    brazil order.scr

  • Size

    682KB

  • Sample

    220815-jqlspagbep

  • MD5

    17a3d3bb480da7510a2db13bd7867210

  • SHA1

    b77be761282bf96b9ff19420d8709d7bed43c9fd

  • SHA256

    e8c2f0fc24e8cc88308a76edbd992b6be7e6036f728a22c5e8fffc1cc199a7c2

  • SHA512

    f703a7fafce6813c797f2cead9d0e82cb25e748cea27dc57b4b684d20eb29c79eceaa5a7e79740c16ff090e1d00326e63bfaa92b7444b406a615365e95afc7fb

Score
10/10
formbookp94aratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

p94a

Decoy

wishgrove.com

parqueveiculos.com

spiderwebs.online

chulkanadham.com

cdtuan.net

zxazm.com

payment6528832.xyz

fengtaiol.com

bffsmovie.com

aliceseagerfitness.com

garisluruskonsulindo.website

analytical-gutter.net

ahcq8.com

fenyoga.com

ecleptic.cat

conjurecrafts.com

aquaway.date

apenpokkenschoonmaakbedrijf.com

zgramr.top

boweknives.site

Targets

    • Target

      brazil order.scr

    • Size

      682KB

    • MD5

      17a3d3bb480da7510a2db13bd7867210

    • SHA1

      b77be761282bf96b9ff19420d8709d7bed43c9fd

    • SHA256

      e8c2f0fc24e8cc88308a76edbd992b6be7e6036f728a22c5e8fffc1cc199a7c2

    • SHA512

      f703a7fafce6813c797f2cead9d0e82cb25e748cea27dc57b4b684d20eb29c79eceaa5a7e79740c16ff090e1d00326e63bfaa92b7444b406a615365e95afc7fb

    Score
    10/10
    formbookp94aratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook payload

      rat

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks