Overview

overview

10

Static

static

318c866ef0...70.exe

windows7_x64

10

318c866ef0...70.exe

windows10_x64

10

Analysis

  • max time kernel
    80s
  • max time network
    49s
  • platform
    windows7_x64
  • resource
    win7v20210410
  • submitted
    06-07-2021 09:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    318c866ef078ec6d9597aaebed8bc370.exe

  • Size

    799KB

  • MD5

    318c866ef078ec6d9597aaebed8bc370

  • SHA1

    4d0008cb7d64f6fb5378672bc4a2edba43546e1f

  • SHA256

    54469ace58ddcfdd6d834574d87003857b0cda05e27a0b8e31cb0b58e6ca105d

  • SHA512

    cd32fd72eda19e8a2210a3b646b21cbee5b722672773a49c0e4dc02fdaad9c9fb99a60326eb1a9589e4b02b3e30eb85e2c5a3b5cfd767155f72fa123f9e68985

Score
10/10
formbookratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.survivai.com/bsdd/

Decoy

533dh.com

galerisikayet.xyz

tipsyalligator.com

crystalwellnessstudio.com

moovaap.com

lelfie.network

speedy-trips.com

prospectsolucoes.com

24x7customersservice.com

szbinsen.com

shikhardeals.com

totaldenta.com

ayksjx.com

avxrja.online

24kyule888.com

ufaw.net

spinozone.com

castvoicesmsreg.com

lajollawoodworks.com

renetyson.com

Signatures

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook
  • Formbook Payload 2 IoCs
    rat
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\318c866ef078ec6d9597aaebed8bc370.exe
    "C:\Users\Admin\AppData\Local\Temp\318c866ef078ec6d9597aaebed8bc370.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1644
    • C:\Users\Admin\AppData\Local\Temp\318c866ef078ec6d9597aaebed8bc370.exe
      "C:\Users\Admin\AppData\Local\Temp\318c866ef078ec6d9597aaebed8bc370.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:576

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/576-66-0x000000000041EB30-mapping.dmp
    Download
  • memory/576-65-0x0000000000400000-0x000000000042E000-memory.dmp
    Filesize

    184KB

    Download
  • memory/576-68-0x0000000000D00000-0x0000000001003000-memory.dmp
    Filesize

    3.0MB

    Download
  • memory/1644-59-0x0000000000C30000-0x0000000000C31000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1644-61-0x0000000004E10000-0x0000000004E11000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1644-62-0x0000000000370000-0x000000000037F000-memory.dmp
    Filesize

    60KB

    Download
  • memory/1644-63-0x0000000004D30000-0x0000000004DAE000-memory.dmp
    Filesize

    504KB

    Download
  • memory/1644-64-0x0000000000770000-0x00000000007B4000-memory.dmp
    Filesize

    272KB

    Download