General

  • Target

    30960d3f020c7f741a8ef2a0dc78013c

  • Size

    400KB

  • Sample

    220127-q6e4eaebf8

  • MD5

    30960d3f020c7f741a8ef2a0dc78013c

  • SHA1

    e7365401cedd20b086cdb9030238baf130edb0bb

  • SHA256

    459238db7010365ad248cd0c1afa4947a39bf34b47927dd9ea6e77056979842a

  • SHA512

    beb0475cc8bef1cb9ecc5917f4ac26610de0dcfb46560aa8a7557d6d505bbc5173f2a59798f80775c90f27b65b911ecbbe5100248c64300c106d423ebcad1198

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    cw22

  • Decoy

    betvoy206.com
    nftstoners.com
    tirupatibuilder.com
    gulldesigns.com
    shemhq.com
    boricosmetic.com
    bitcoinbillionaireboy.com
    theflypaperplanes.com
    retrocartours.com
    yangzhie326.com
    cheepchain.com
    sentryr.com
    luckirentalhomes.com
    pointssquashers.com
    dianasarabiantreasures.com
    calendarsilo.com
    sublike21.xyz
    gajubg0up.xyz
    lousfoodreviews.com
    fades.site

Targets

    • Target

      30960d3f020c7f741a8ef2a0dc78013c

    • Size

      400KB

    • MD5

      30960d3f020c7f741a8ef2a0dc78013c

    • SHA1

      e7365401cedd20b086cdb9030238baf130edb0bb

    • SHA256

      459238db7010365ad248cd0c1afa4947a39bf34b47927dd9ea6e77056979842a

    • SHA512

      beb0475cc8bef1cb9ecc5917f4ac26610de0dcfb46560aa8a7557d6d505bbc5173f2a59798f80775c90f27b65b911ecbbe5100248c64300c106d423ebcad1198

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook Payload

    • Suspicious use of SetThreadContext
