Overview

overview

10

Static

static

1

USD54,884....4D.exe

windows7_x64

10

USD54,884....4D.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    USD54,884.56_202110260056MT103_0034D.exe

  • Size

    267KB

  • Sample

    211026-h9ja8sghg9

  • MD5

    9eea5277e11627651e1628b7da56044d

  • SHA1

    b6b160d2d53f9b55e186b809654519bb095399d9

  • SHA256

    827b490e3a19a6c6e1fb7766e3a85957648c133fb6fb6a15cb48100dd8b06422

  • SHA512

    f2fc56a72ae74bf9cf1aee7cadf48c29ec0da1129c242bfd3cb54430820cfdb0068afac7f7c6bf96e2a4071b2abb2e3c2a0be840c40ffb689a869c73fad85498

Score
10/10
formbooknd1wratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

nd1w

C2

http://www.ahlongpteltd.com/nd1w/

Decoy

cartographieinterieure.store

de-tanautorisierung-6439.xyz

maxisezon.com

spottsalodio.xyz

thesocialguild.net

petemergencydoctor.com

czhtfmgj.com

incontrilocalimilano.com

132kingrd.com

clearviewsatellitesolutions.com

shopingmanplus.com

compuserviciosway.com

millportservicesltd.com

ticketinsurey.club

metro-club.com

aboutpoliticsofatom.com

brebawake.com

yurteam.com

dropadoo.com

wcsaroma2012.com

Targets

    • Target

      USD54,884.56_202110260056MT103_0034D.exe

    • Size

      267KB

    • MD5

      9eea5277e11627651e1628b7da56044d

    • SHA1

      b6b160d2d53f9b55e186b809654519bb095399d9

    • SHA256

      827b490e3a19a6c6e1fb7766e3a85957648c133fb6fb6a15cb48100dd8b06422

    • SHA512

      f2fc56a72ae74bf9cf1aee7cadf48c29ec0da1129c242bfd3cb54430820cfdb0068afac7f7c6bf96e2a4071b2abb2e3c2a0be840c40ffb689a869c73fad85498

    Score
    10/10
    formbooknd1wratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook Payload

      rat

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks