Overview

overview

10

Static

static

075bd1e3e3...5a.exe

windows7_x64

10

075bd1e3e3...5a.exe

windows10_x64

10

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows10_x64
  • resource
    win10-en-20211104
  • submitted
    25-11-2021 19:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    075bd1e3e3e0c01794ee6a84be2c585a.exe

  • Size

    722KB

  • MD5

    075bd1e3e3e0c01794ee6a84be2c585a

  • SHA1

    984a18333bcd137d00a2223a10b83946f0b3949d

  • SHA256

    42173f59707de5929c3bc6cd37d5e0dc55d990bce2c29aa6deac6e86c3eec250

  • SHA512

    d00a949f26740996d4da000abc5b5241d812d3c7d1a1d0a92863a11f825b79333f20b4105bb2eaad67472f1229e35bd6e056a27be5c4418d639d18aeed3fc676

Score
10/10
formbook9gr5ratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

9gr5

C2

http://www.cuteprofessionalscrubs.com/9gr5/

Decoy

newleafcosmetix.com

richermanscastle.com

ru-remonton.com

2diandongche.com

federaldados.design

jeffreycookweb.com

facecs.online

xmeclarn.xyz

olgasmith.xyz

sneakersonlinesale.com

playboyshiba.com

angelamiglioli.com

diitaldefynd.com

whenevergames.com

mtheartcustom.com

vitalactivesupply.com

twistblogr.com

xn--i8s140at3d6u7c.tel

baudelaireelhakim.com

real-estate-miami-searcher.site

Signatures

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook
  • Formbook Payload 2 IoCs
    rat
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\075bd1e3e3e0c01794ee6a84be2c585a.exe
    "C:\Users\Admin\AppData\Local\Temp\075bd1e3e3e0c01794ee6a84be2c585a.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:4276
    • C:\Users\Admin\AppData\Local\Temp\075bd1e3e3e0c01794ee6a84be2c585a.exe
      "C:\Users\Admin\AppData\Local\Temp\075bd1e3e3e0c01794ee6a84be2c585a.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:4456

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4276-118-0x0000000000FA0000-0x0000000000FA1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4276-120-0x0000000005E80000-0x0000000005E81000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4276-121-0x0000000005890000-0x0000000005891000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4276-122-0x0000000005980000-0x0000000005E7E000-memory.dmp
    Filesize

    5.0MB

    Download
  • memory/4276-123-0x0000000005940000-0x0000000005941000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4276-124-0x0000000005960000-0x0000000005968000-memory.dmp
    Filesize

    32KB

    Download
  • memory/4276-125-0x0000000005BE0000-0x0000000005BE1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4276-126-0x0000000006680000-0x0000000006681000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4276-127-0x0000000006820000-0x00000000068A0000-memory.dmp
    Filesize

    512KB

    Download
  • memory/4456-128-0x0000000000400000-0x000000000042F000-memory.dmp
    Filesize

    188KB

    Download
  • memory/4456-129-0x000000000041F180-mapping.dmp
    Download
  • memory/4456-130-0x0000000000F00000-0x0000000001220000-memory.dmp
    Filesize

    3.1MB

    Download