Overview

overview

10

Static

static

9e50ed0943...7c.exe

windows7_x64

10

9e50ed0943...7c.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    119s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-en-20211208
  • submitted
    31-01-2022 12:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9e50ed09439b4f2206f6cee1b233677c.exe

  • Size

    510KB

  • MD5

    9e50ed09439b4f2206f6cee1b233677c

  • SHA1

    719705903de481a3c680db18f8cef892efef3dc7

  • SHA256

    b45a38f7012d02b12d3613d25450847d87c14c9b3207380594fc5e1f1b1728d9

  • SHA512

    927789d6fca24317b1cc41825485cf06cf337204d8007b32220ef2fb28ee48275102a9148682336f76e7586e5ed714d1de2098c08886ea1b76007880a5c45d80

Score
10/10
formbookbt33ratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

bt33

Decoy

mbaonlinefreedegress.info

myforevermaid.com

daoyi365.com

weientm.com

legal-mx.com

formationrigging.com

heidiet.xyz

school-prosto.store

healthvitaminnutrition.com

digitalsolutionusa.com

little-bazar.com

jnbeautycanada.com

optoelek.com

learntoairmail.com

hawkminer.com

kingofearth.love

ktnstay.xyz

zouxin.love

mainlandpr.com

mamm-hummel.com

Signatures

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook
  • Formbook Payload 1 IoCs
    rat
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9e50ed09439b4f2206f6cee1b233677c.exe
    "C:\Users\Admin\AppData\Local\Temp\9e50ed09439b4f2206f6cee1b233677c.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1648
    • C:\Users\Admin\AppData\Local\Temp\9e50ed09439b4f2206f6cee1b233677c.exe
      "C:\Users\Admin\AppData\Local\Temp\9e50ed09439b4f2206f6cee1b233677c.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:1500

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1500-59-0x0000000000400000-0x000000000042F000-memory.dmp
    Filesize

    188KB

    Download
  • memory/1500-60-0x0000000000400000-0x000000000042F000-memory.dmp
    Filesize

    188KB

    Download
  • memory/1500-61-0x0000000000400000-0x000000000042F000-memory.dmp
    Filesize

    188KB

    Download
  • memory/1648-54-0x0000000001120000-0x00000000011A6000-memory.dmp
    Filesize

    536KB

    Download
  • memory/1648-55-0x0000000076001000-0x0000000076003000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1648-56-0x0000000000290000-0x00000000002A4000-memory.dmp
    Filesize

    80KB

    Download
  • memory/1648-57-0x0000000000660000-0x0000000000661000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1648-58-0x0000000000F00000-0x0000000000F66000-memory.dmp
    Filesize

    408KB

    Download