Overview

overview

10

Static

static

ba01df16e4...df.exe

windows7_x64

10

ba01df16e4...df.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ba01df16e4c876e078348fd4479a8fdf.exe

  • Size

    717KB

  • Sample

    210504-kzb3h2v55e

  • MD5

    ba01df16e4c876e078348fd4479a8fdf

  • SHA1

    6c7f20976d3e7d9bf9f8a410cbc54962d1ef52bb

  • SHA256

    8353e30c6566795da3e5aa38a22b4707ee895cfa115ffa399cfbe7d57d00f91d

  • SHA512

    7d828277f9dfd39755b015cb25ee713159c2cf9d812ea938b408e0c21b9004b72d9efa21def95dfa307838db56558fd8e507ad10b887e1ed7ca1219a53e8747c

Score
10/10
formbookratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.kelurahanpatikidul.xyz/op9s/

Decoy

playsystems-j.one

exchange.digital

usaleadsretrieval.com

mervegulistanaydin.com

heavythreadclothing.com

attorneyperu.com

lamuerteesdulce.com

catxirulo.com

willowrunconnemaras.com

laospecial.com

anchotrading.com

mycreditebook.com

jiujiu.plus

juniperconsulting.site

millionairsmindset.com

coronaviruscuredrugs.com

services-office.com

escanaim.com

20svip.com

pistonpounder.com

Targets

    • Target

      ba01df16e4c876e078348fd4479a8fdf.exe

    • Size

      717KB

    • MD5

      ba01df16e4c876e078348fd4479a8fdf

    • SHA1

      6c7f20976d3e7d9bf9f8a410cbc54962d1ef52bb

    • SHA256

      8353e30c6566795da3e5aa38a22b4707ee895cfa115ffa399cfbe7d57d00f91d

    • SHA512

      7d828277f9dfd39755b015cb25ee713159c2cf9d812ea938b408e0c21b9004b72d9efa21def95dfa307838db56558fd8e507ad10b887e1ed7ca1219a53e8747c

    Score
    10/10
    formbookratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook Payload

      rat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks