Overview

overview

10

Static

static

COMPANY PR...df.exe

windows7_x64

9

COMPANY PR...df.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d1b0b995cd714c9eb3f896879019bbea31f78e4ade3193e2222d38984926d267

  • Size

    299KB

  • Sample

    220205-lqbntsaag9

  • MD5

    1d3135460c78263247147a4a012c96d8

  • SHA1

    76c9dda75ff7afffab52ac814ad9b3f6328fd0b2

  • SHA256

    d1b0b995cd714c9eb3f896879019bbea31f78e4ade3193e2222d38984926d267

  • SHA512

    6e091efefe554e1450bf9af484271560c5db9bdca887861821ef2886c3090a57ac83813440d1cc01cad2f5cf9655d3208b4354209be7414cc8dc64a11d89e9fa

Score
10/10
formbookjb9ratrezer0spywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

3.9

Campaign

jb9

Decoy

cloud-medical.com

maximtech-bd.com

3d-sprint.com

624vhw.info

nexdesk.net

flxcustomsigns.com

gvuzejobxa.info

xiaobaokm.com

565mt.com

servicioscuery.com

500360.biz

stephanieshermanart.com

boozebird.com

merckcousa.com

frenchkissldn.com

lucyfaulknerllc.com

egekartus.com

bookyabber.com

cardiacimaginginpractice.com

deucessound.com

Targets

    • Target

      COMPANY PROFILE_pdf.exe

    • Size

      613KB

    • MD5

      b9944266973f87de2c403a192ea512e9

    • SHA1

      dad5d6c849383cd568d409a3898d8a5f6f965838

    • SHA256

      481276a9bb55fca18c31952e4746dd5b480442e079dbf660318f780c22a9cf4d

    • SHA512

      2343b49478474f2d5d0855eee6ecade5b227bf8f77831bcf24cdcb71181bbd5451344e09a0048dc4178cbb9511141c18bf6943b02f00a39efd6488978e1e5622

    Score
    10/10
    rezer0formbookjb9ratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook Payload

      rat

    • ReZer0 packer

      Detects ReZer0, a packer with multiple versions used in various campaigns.

      rezer0

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks