General

  • Target

    3dd400266e418778615ef84a247687d1.exe

  • Size

    514KB

  • Sample

    220131-pg6z6ahbcj

  • MD5

    3dd400266e418778615ef84a247687d1

  • SHA1

    995b055ae2eb4f7ed8dd0d603cc3690a2bbe5c3c

  • SHA256

    da00ad76bb648365108fb03a95cf69a56608e4605cfe02fcaf933af239ce7ac2

  • SHA512

    8a202b59dc234c35a4538c2040ba3b2855df073ef3f32ce06fa7f784f22971362a4efd98ff2a41cb7a3b77ad6f6c840b00fcc55f8662ab10d9edf3d38d8bc16e

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

cw22

Decoy

betvoy206.com

nftstoners.com

tirupatibuilder.com

gulldesigns.com

shemhq.com

boricosmetic.com

bitcoinbillionaireboy.com

theflypaperplanes.com

retrocartours.com

yangzhie326.com

cheepchain.com

sentryr.com

luckirentalhomes.com

pointssquashers.com

dianasarabiantreasures.com

calendarsilo.com

sublike21.xyz

gajubg0up.xyz

lousfoodreviews.com

fades.site
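
The list above is the decoy table from the sample's embedded configuration. Formbook mixes requests to these hosts in with traffic to its real C2 so that the live server is hard to pick out, and the decoys are typically ordinary, unrelated websites. They are therefore poor blocklist entries on their own, but a single host contacting several of them in a short window is a strong hunting signal. The following script is an added example, not part of the sandbox report: it takes the decoy set exactly as extracted above and runs a windowed clustering check over constructed proxy/DNS log lines (timestamp, client, queried domain; the log format, the 10-minute window and the threshold of three distinct decoys are assumptions).

```python
"""Hunt for Formbook-style decoy beaconing in proxy or DNS logs.

Added example, not code from the sandbox report. The decoy set is the one
extracted from the sample above; the log lines below are constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Decoy domains from the extracted Formbook 4.1 config (campaign cw22).
DECOY_DOMAINS = {
    "betvoy206.com", "nftstoners.com", "tirupatibuilder.com",
    "gulldesigns.com", "shemhq.com", "boricosmetic.com",
    "bitcoinbillionaireboy.com", "theflypaperplanes.com",
    "retrocartours.com", "yangzhie326.com", "cheepchain.com",
    "sentryr.com", "luckirentalhomes.com", "pointssquashers.com",
    "dianasarabiantreasures.com", "calendarsilo.com", "sublike21.xyz",
    "gajubg0up.xyz", "lousfoodreviews.com", "fades.site",
}

# Constructed sample log (assumed format: "<ISO timestamp> <client> <domain>").
# ws-17 touches four decoys within seconds (infected); ws-03 visits one decoy
# once (normal browsing); ws-09 touches three decoys but an hour apart.
SAMPLE_LOG = """\
2022-01-31T10:00:01 ws-17 www.betvoy206.com
2022-01-31T10:00:02 ws-17 nftstoners.com
2022-01-31T10:00:04 ws-17 tirupatibuilder.com
2022-01-31T10:00:05 ws-17 update.microsoft.com
2022-01-31T10:00:07 ws-17 gulldesigns.com
2022-01-31T10:15:00 ws-03 lousfoodreviews.com
2022-01-31T09:00:00 ws-09 shemhq.com
2022-01-31T09:30:00 ws-09 boricosmetic.com
2022-01-31T10:00:00 ws-09 calendarsilo.com
"""


def normalize(domain):
    """Return the matching decoy domain for `domain` (including subdomains
    such as www.betvoy206.com), or None if it is not in the decoy set."""
    parts = domain.lower().rstrip(".").split(".")
    for i in range(len(parts) - 1):
        candidate = ".".join(parts[i:])
        if candidate in DECOY_DOMAINS:
            return candidate
    return None


def parse_log(text):
    """Parse log lines into (timestamp, client, domain) tuples."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, client, domain = line.split()
        events.append((datetime.fromisoformat(ts), client, domain))
    return events


def find_decoy_clusters(events, window=timedelta(minutes=10), threshold=3):
    """Return {client: sorted decoy domains} for clients that contacted at
    least `threshold` distinct decoy domains within any `window`."""
    per_client = defaultdict(list)
    for ts, client, domain in events:
        decoy = normalize(domain)
        if decoy:
            per_client[client].append((ts, decoy))

    hits = {}
    for client, evs in per_client.items():
        evs.sort()
        best = set()
        start = 0
        # Sliding window over the time-sorted decoy contacts of this client.
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1
            seen = {d for _, d in evs[start:end + 1]}
            if len(seen) > len(best):
                best = seen
        if len(best) >= threshold:
            hits[client] = sorted(best)
    return hits


if __name__ == "__main__":
    for client, domains in find_decoy_clusters(parse_log(SAMPLE_LOG)).items():
        print(f"{client}: {len(domains)} decoy domains in window -> {domains}")
```

Only ws-17 is reported: a lone visit to a decoy (ws-03) or widely spaced visits (ws-09) stay below the threshold, which is the behaviour you want when the decoys are legitimate sites that users may browse to.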

Targets

    • Formbook

      Formbook is an information-stealing malware family (also tracked as XLoader in later versions) that harvests credentials and form data from browsers, mail and FTP clients, and can also log keystrokes, capture the clipboard and take screenshots, exfiltrating the results over HTTP to its C2.

    • Formbook Payload

    • Suspicious use of SetThreadContext (calling SetThreadContext on a thread of another process is the hand-off step of process hollowing and similar injection techniques, where a suspended process's entry point is redirected to injected code; consistent with Formbook's habit of running its payload inside a legitimate host process)

MITRE ATT&CK Matrix

Tasks