Overview

overview

10

Static

static

663761b54a...f0.exe

windows7_x64

10

663761b54a...f0.exe

windows10-2004_x64

1

Analysis

  • max time kernel
    122s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-en-20211208
  • submitted
    31-01-2022 12:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    663761b54a50098040c6a882fca010f0.exe

  • Size

    510KB

  • MD5

    663761b54a50098040c6a882fca010f0

  • SHA1

    271781ac1b7af0ef538fc37510add12cbef3253d

  • SHA256

    3090eb9593159bb7832f0d55b935396e585d8095b4c7c5f07922848a41a20d70

  • SHA512

    e642c9877e6487898d4d9bdc6283d7a7e4902c4a72a94ca25051d8c7f3e00b165258f96a8295df021aacd28fe959c71725a1beb4215022fcc5e88315c087bdba

Score
10/10
formbookqugoratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

qugo

Decoy

sathapornstainlesssteel.com

everythingisaninvestment.com

appsbyraf.com

superhornygirl.club

christmastreeclass.com

cheatdayztogo.com

aadent7.com

divinitypath.com

figuli563.com

distanzalojistik.com

pricelesslookyto-looktoday.info

pcaaems.com

itsnewmovie.com

4kx.claims

rental-aruyo.com

psiek.com

justnobleempress.com

40daysfor40nights.com

91266w.com

csi-texas.biz

Signatures

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook
  • Formbook Payload 1 IoCs
    rat
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\663761b54a50098040c6a882fca010f0.exe
    "C:\Users\Admin\AppData\Local\Temp\663761b54a50098040c6a882fca010f0.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1600
    • C:\Users\Admin\AppData\Local\Temp\663761b54a50098040c6a882fca010f0.exe
      "C:\Users\Admin\AppData\Local\Temp\663761b54a50098040c6a882fca010f0.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:1736

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1600-54-0x00000000009B0000-0x0000000000A36000-memory.dmp
    Filesize

    536KB

    Download
  • memory/1600-55-0x0000000075CE1000-0x0000000075CE3000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1600-56-0x0000000004ED0000-0x0000000004ED1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1600-57-0x0000000000530000-0x0000000000544000-memory.dmp
    Filesize

    80KB

    Download
  • memory/1600-58-0x0000000004E30000-0x0000000004E96000-memory.dmp
    Filesize

    408KB

    Download
  • memory/1736-59-0x0000000000400000-0x000000000042F000-memory.dmp
    Filesize

    188KB

    Download
  • memory/1736-60-0x0000000000400000-0x000000000042F000-memory.dmp
    Filesize

    188KB

    Download
  • memory/1736-61-0x0000000000400000-0x000000000042F000-memory.dmp
    Filesize

    188KB

    Download