Overview

overview

10

Static

static

4a5dc061d3...c6.exe

windows7_x64

10

4a5dc061d3...c6.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4a5dc061d3675ed107553dae897363d3a60e954a343c4656b89a75ff132221c6

  • Size

    272KB

  • Sample

    220712-x8jypsfgh9

  • MD5

    3c17caa9d17af995510b24b8481a8c49

  • SHA1

    0a84e1c55247d791756f7f564bec1d99599282c1

  • SHA256

    4a5dc061d3675ed107553dae897363d3a60e954a343c4656b89a75ff132221c6

  • SHA512

    a251960ccc5f82834bfaf97a9c3a7d00a7613e5b8cc004ffa7e8e05ed22fbfd01a8cbece925013cf4dfd601c05cdfc5278e03cd064e3f2710ae24770da75a038

Score
10/10
formbookc100ratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

3.8

Campaign

c100

Decoy

pipegas.site

financemedianews24.com

fucome.net

zjzy2008.com

prettypeonyweddings.com

experientialcentre.com

unitrvl.net

hostracoin.com

empreintevocaletd.com

3564tabardln.info

hello-cheese.com

adserver4m3.com

nashuanhinteriordesign.com

taughtnot.com

manx641.com

loanplanner.net

freelanceunderground.com

rungoplushtoys.com

mariahsmccarthy.com

butterfliesandblueskies.com

Targets

    • Target

      4a5dc061d3675ed107553dae897363d3a60e954a343c4656b89a75ff132221c6

    • Size

      272KB

    • MD5

      3c17caa9d17af995510b24b8481a8c49

    • SHA1

      0a84e1c55247d791756f7f564bec1d99599282c1

    • SHA256

      4a5dc061d3675ed107553dae897363d3a60e954a343c4656b89a75ff132221c6

    • SHA512

      a251960ccc5f82834bfaf97a9c3a7d00a7613e5b8cc004ffa7e8e05ed22fbfd01a8cbece925013cf4dfd601c05cdfc5278e03cd064e3f2710ae24770da75a038

    Score
    10/10
    formbookc100ratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook payload

      rat

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks