Overview

overview

10

Static

static

15a4b8c660...3e.exe

windows7_x64

10

15a4b8c660...3e.exe

windows10_x64

10

Analysis

  • max time kernel
    122s
  • max time network
    124s
  • submitted
    01-01-1970 00:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    15a4b8c6607b8e67b0bba2d1b5dbd43e.exe

  • Size

    508KB

  • MD5

    15a4b8c6607b8e67b0bba2d1b5dbd43e

  • SHA1

    c77c0417b07c25c0e567f0d0362a8a80fc7c40e9

  • SHA256

    c4b1789371d832969f812bd0a577e380cdac00db6775d7fc251adf8d92c15d74

  • SHA512

    b168504f30e0714a8d2ec0eb79a9d49b5c1f84399ac0ee091fe9b4983e9ed77b9fd70398a6c2644b3295f777d3d9b84422f76897e722df579a1ef1dd66d8704c

Score
10/10
formbookmxwfratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

mxwf

C2

http://www.zahnimplantatangebotede.com/mxwf/

Decoy

orders-cialis.info

auctionorbuy.com

meanmugsamore.com

yachtcrewmark.com

sacredkashilifestudio.net

themintyard.com

bragafoods.com

sierp.com

hausofdeme.com

anthonyjames915.com

bajardepesoencasa.com

marciaroyal.com

earringlifter.com

dsdjfhd9ddksa1as.info

bmzproekt.com

employmentbc.com

ptsdtreatment.space

vrchance.com

cnrongding.com

welovelit.com

Signatures

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook
  • Formbook Payload 2 IoCs
    rat
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\15a4b8c6607b8e67b0bba2d1b5dbd43e.exe
    "C:\Users\Admin\AppData\Local\Temp\15a4b8c6607b8e67b0bba2d1b5dbd43e.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2756
    • C:\Users\Admin\AppData\Local\Temp\15a4b8c6607b8e67b0bba2d1b5dbd43e.exe
      "C:\Users\Admin\AppData\Local\Temp\15a4b8c6607b8e67b0bba2d1b5dbd43e.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:3936

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2756-115-0x0000000000740000-0x0000000000741000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2756-117-0x00000000056A0000-0x00000000056A1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2756-118-0x0000000005040000-0x0000000005041000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2756-119-0x00000000051A0000-0x000000000569E000-memory.dmp
    Filesize

    5.0MB

    Download
  • memory/2756-120-0x0000000004FF0000-0x0000000004FF1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2756-121-0x0000000005260000-0x0000000005266000-memory.dmp
    Filesize

    24KB

    Download
  • memory/2756-122-0x0000000005DA0000-0x0000000005DA1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2756-123-0x0000000005640000-0x000000000568F000-memory.dmp
    Filesize

    316KB

    Download
  • memory/3936-124-0x0000000000400000-0x000000000042E000-memory.dmp
    Filesize

    184KB

    Download
  • memory/3936-125-0x000000000041EBA0-mapping.dmp
    Download
  • memory/3936-126-0x0000000001330000-0x0000000001650000-memory.dmp
    Filesize

    3.1MB

    Download