General

  • Target

    https://github.com/enginestein/Virus-Collection

  • Sample

    240809-tqflsawfrf

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    he2a

  • Decoy

    connectioncompass.store
    zekicharge.com
    dp77.shop
    guninfo.guru
    mamaeconomics.net
    narcisme.coach
    redtopassociates.com
    ezezn.com
    theoregondog.com
    pagosmultired.online
    emsculptcenterofne.com
    meet-friends.online
    pf326.com
    wealthjigsaw.xyz
    arsajib.com
    kickassholdings.online
    avaturre.biz
    dtslogs.com
    lb92.tech
    pittalam.com

Targets

    • Target

      https://github.com/enginestein/Virus-Collection

    • Formbook

      Formbook is a data-stealing malware family.

    • Contacts a large (7864) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Formbook payload

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks