Overview

overview

10

Static

static

1b415a5661...4f.exe

windows7_x64

10

1b415a5661...4f.exe

windows10_x64

10

Analysis

  • max time kernel
    81s
  • max time network
    125s
  • platform
    windows10_x64
  • resource
    win10v20210410
  • submitted
    06-07-2021 09:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1b415a56616a9f7c2e37fc2ce570664f.exe

  • Size

    884KB

  • MD5

    1b415a56616a9f7c2e37fc2ce570664f

  • SHA1

    2e7a5b8378e9a0e5fd7f5a8321af4d128ef2a1a3

  • SHA256

    14ebcbc69653d3257eb42c91734bcf2a1ca5dff12c31c06cf955279ea4af5bfd

  • SHA512

    e77e25ffeae630cc2413fd969462a7fd019738f2981b4304ab6ba4cc5bb9530db3f1210c5cb90665529f6c25c03f6a63362362a18e6bb801edeccc979a0f711b

Score
10/10
formbookratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.lifeafterbobby.com/vn3b/

Decoy

rowenglobal.com

abrirumaempresa.com

videosbet.xyz

blackbettyxt.com

trust-red.net

sonyalpharunors.com

shiqichaoji.com

allex-ru.com

totalpowerpc.store

ptocom.com

quantumsai.club

toughcookie.love

nivafitness.com

bioskopmovie21.com

giatsaygiare.com

xiongmaojingxuan.com

zjjly88.com

trampmotorsports.com

pibblekibble.com

mymounntnittanyhealth.com

Signatures

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook
  • Formbook Payload 2 IoCs
    rat
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1b415a56616a9f7c2e37fc2ce570664f.exe
    "C:\Users\Admin\AppData\Local\Temp\1b415a56616a9f7c2e37fc2ce570664f.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:3540
    • C:\Users\Admin\AppData\Local\Temp\1b415a56616a9f7c2e37fc2ce570664f.exe
      "C:\Users\Admin\AppData\Local\Temp\1b415a56616a9f7c2e37fc2ce570664f.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:2388

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2388-125-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2388-128-0x0000000000F40000-0x0000000001260000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/2388-126-0x000000000041EB70-mapping.dmp

    Download

  • memory/3540-121-0x00000000057B0000-0x000000000584C000-memory.dmp

    Filesize

    624KB

    Download

  • memory/3540-119-0x0000000005860000-0x0000000005861000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3540-120-0x0000000005B10000-0x0000000005B11000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3540-114-0x0000000000F60000-0x0000000000F61000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3540-122-0x0000000005CF0000-0x0000000005CFF000-memory.dmp

    Filesize

    60KB

    Download

  • memory/3540-123-0x00000000090D0000-0x000000000914A000-memory.dmp

    Filesize

    488KB

    Download

  • memory/3540-124-0x000000000B720000-0x000000000B761000-memory.dmp

    Filesize

    260KB

    Download

  • memory/3540-118-0x0000000005940000-0x0000000005941000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3540-117-0x0000000005E40000-0x0000000005E41000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3540-116-0x00000000058A0000-0x00000000058A1000-memory.dmp

    Filesize

    4KB

    Download