Overview

overview

10

Static

static

0282fb6d34...af.exe

windows7_x64

10

0282fb6d34...af.exe

windows10_x64

10

Analysis

  • max time kernel
    117s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7v20210408
  • submitted
    06-05-2021 07:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0282fb6d3422cdebf88ba2d9ce0831af.exe

  • Size

    751KB

  • MD5

    0282fb6d3422cdebf88ba2d9ce0831af

  • SHA1

    f0c80f1d6ace27df947df38aae7b11ed4b6d7144

  • SHA256

    4fb3bfa3afd4fd027aff55a6cbbc8c3d92fb5dd84bca9d88ff893928a41b9a0a

  • SHA512

    ab8df1a2b5feb03c0df351a215d6e9bb16c3b92853aab0fe7c96308fa94e1eefc362a23cff5e61da2a3e93f28e44a9954b23e363ff6dbc72ac90da95c5f8e6de

Score
10/10
formbookratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.projectx-dev.net/hci/

Decoy

0357shop.com

cinargenerator.com

freshwes.com

dance-pods.com

cptinsano.com

animaltales1.com

ridernationusa.com

christophergagnon.com

bzjp.icu

culturefap.com

illustrationtees.com

handwritingwork.com

thebullrunranch.com

wujingli.com

wifihouten.online

okavagegroup.com

makaladiggsfitness.com

ruvapy.com

customergirl.com

guangzhoushujukuzxtftf.com

Signatures

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook
  • Formbook Payload 2 IoCs
    rat
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0282fb6d3422cdebf88ba2d9ce0831af.exe
    "C:\Users\Admin\AppData\Local\Temp\0282fb6d3422cdebf88ba2d9ce0831af.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1096
    • C:\Users\Admin\AppData\Local\Temp\0282fb6d3422cdebf88ba2d9ce0831af.exe
      "C:\Users\Admin\AppData\Local\Temp\0282fb6d3422cdebf88ba2d9ce0831af.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:704

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/704-67-0x000000000041EB90-mapping.dmp
    Download
  • memory/704-66-0x0000000000400000-0x000000000042E000-memory.dmp
    Filesize

    184KB

    Download
  • memory/704-69-0x0000000000840000-0x0000000000B43000-memory.dmp
    Filesize

    3.0MB

    Download
  • memory/1096-60-0x0000000000DF0000-0x0000000000DF1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1096-62-0x0000000000240000-0x0000000000241000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1096-63-0x0000000000230000-0x000000000023E000-memory.dmp
    Filesize

    56KB

    Download
  • memory/1096-64-0x0000000005090000-0x0000000005143000-memory.dmp
    Filesize

    716KB

    Download
  • memory/1096-65-0x0000000004A40000-0x0000000004AAD000-memory.dmp
    Filesize

    436KB

    Download