General

  • Target

    0bfad235516b2334cb08d5a91165ab3cdbbf0dc40caa8cc51a8c80308b78c878

  • Size

    1.2MB

  • Sample

    220509-a1jlmsegal

  • MD5

    a96b7c63e619507c2e2f0d6578c64a04

  • SHA1

    8901dbed4ad6f73fc0a9ba1682bbffb6808e429f

  • SHA256

    0bfad235516b2334cb08d5a91165ab3cdbbf0dc40caa8cc51a8c80308b78c878

  • SHA512

    0dfe34d046341545a468e842d7df09a386fff1e96fc1f4d400a6c47c5a73dd9ca5ac0655087fe4ee078aee81d7b993499a3c2360d503020cd5ab05bb9c6b02e1

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    3nop

  • Decoy


Targets


    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook Payload

    • Drops startup file

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks