Overview

overview

10

Static

static

e__ample_at.exe

windows7_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e__ample_at.exe

  • Size

    696KB

  • Sample

    211019-qvlf2sfhc6

  • MD5

    4b893ddd41f5546da9ab79b8f3e8487a

  • SHA1

    36b2dcb7e232ca1b6f5be4f480334fea7075acdb

  • SHA256

    10395ba8c32eeef47f5d79f9fe7bb15ed1f67f7941cade16604b09ed69fba6ab

  • SHA512

    d6e0e214db78df936c210a8b05ae3caddbf6a948d877abad78b6e803f88cd1402519156fd83f2ce4901fb8d13a4e8830a7dcfe327b2df85f98068ce5c7575714

Score
10/10
formbookbs2lratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

bs2l

C2

http://www.amazonsfinds.com/bs2l/

Decoy

file-anae.com

letsgosunderland.com

urgome.com

g5tet.xyz

myline2online.com

crafty-buck.com

uralpack.net

chinmeat.com

kursuskekipoh.com

justgantt.com

hqh.xyz

xiongege55.com

pokebrostogo.com

firststonemusic.com

bataviabento.com

comoditahandyshop.com

dayloniabeauty.com

ceeonec.com

scribblerhub.com

lindosueno.com

Targets

    • Target

      e__ample_at.exe

    • Size

      696KB

    • MD5

      4b893ddd41f5546da9ab79b8f3e8487a

    • SHA1

      36b2dcb7e232ca1b6f5be4f480334fea7075acdb

    • SHA256

      10395ba8c32eeef47f5d79f9fe7bb15ed1f67f7941cade16604b09ed69fba6ab

    • SHA512

      d6e0e214db78df936c210a8b05ae3caddbf6a948d877abad78b6e803f88cd1402519156fd83f2ce4901fb8d13a4e8830a7dcfe327b2df85f98068ce5c7575714

    Score
    10/10
    formbookbs2lratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook Payload

      rat

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks