General

  • Target

    3be5ae8669b6ba687a41f810fd648d20784c35c441fab98fcf03e931a98717c2

  • Size

    1002KB

  • Sample

    220320-bahr4adebk

  • MD5

    33b1fc7c4317d30a09c2fae159893418

  • SHA1

    1cb23f0d6da3a4d83cc0b6649f67a09e717cb5ce

  • SHA256

    3be5ae8669b6ba687a41f810fd648d20784c35c441fab98fcf03e931a98717c2

  • SHA512

    cd1e42d1a0e8117eb9e472d3bcbfb26f4f7ec5096e50d6eff52e464503d33a07c8dfefaf9b0a00ee87b69ebb2f8446c045608debd69bf1549b19584507a81835

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ngs

Decoy

Targets

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook Payload

    • Suspicious use of SetThreadContext
