Overview

overview

10

Static

static

1

39203048BY...83.exe

windows7_x64

10

39203048BY...83.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    39203048BYW2993849483.exe

  • Size

    656KB

  • Sample

    211119-qrs2qaddf9

  • MD5

    969c9f98fb5d2de8c9f4951a2dedc571

  • SHA1

    5c8963a46a2f492500b9f113f9457772d5ad1d9a

  • SHA256

    b7602e7d309795640e020a679f93dfd3cb890bc9073a8ead233ab5323c6e0551

  • SHA512

    fd4ae7646c686e4032c80c2c36dade002cc9e2910069dde09952215e8ccbbbdea9cf40bc1bf14005675aed322627582713a2a4344ee5d209ddd239b12fcde3de

Score
10/10
formbookob7yratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ob7y

C2

http://www.metanewsroom.net/ob7y/

Decoy

ipsdjf.com

mlphntec.com

restaurant-day.store

writeramylong.com

flokigamefi.com

usetianyi.xyz

punishstrikebreaker.quest

ericnfleming.com

dhhwtieen.xyz

milfhackers.com

fewefie.store

pithstsdiet.store

kirsten-hemmerich.com

casinolopoca.com

sigag.xyz

geilepoes.com

metawhatsapp.art

sarjin.xyz

toprabatte.net

lotofbrave.club

Targets

    • Target

      39203048BYW2993849483.exe

    • Size

      656KB

    • MD5

      969c9f98fb5d2de8c9f4951a2dedc571

    • SHA1

      5c8963a46a2f492500b9f113f9457772d5ad1d9a

    • SHA256

      b7602e7d309795640e020a679f93dfd3cb890bc9073a8ead233ab5323c6e0551

    • SHA512

      fd4ae7646c686e4032c80c2c36dade002cc9e2910069dde09952215e8ccbbbdea9cf40bc1bf14005675aed322627582713a2a4344ee5d209ddd239b12fcde3de

    Score
    10/10
    formbookob7yratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook Payload

      rat

    • Deletes itself

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1
T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks