Overview

overview

10

Static

static

winprofile

windows7-x64

10

winprofile

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fdcb2fd208c68b8ffde80d26a7e40a3d65f0479ef17ba08af4f9659a3e551d48

  • Size

    659KB

  • Sample

    220829-d55apaagfq

  • MD5

    f9a3cdc12852c0b905b94e0f349849cf

  • SHA1

    550a68569df15cbb6d49bd7acba568b1bec63a4b

  • SHA256

    fdcb2fd208c68b8ffde80d26a7e40a3d65f0479ef17ba08af4f9659a3e551d48

  • SHA512

    b63f19d89e7cb02b91b498095616dbf7f01fe3e4348111754cdebe078167b1bd3157b824967f12143e9e4db25de809c2199195f1b7e83dd249cc3d2f828c89d9

  • SSDEEP

    12288:aThFh11R/5PB+/SRHTp70ESIJmNSWGZN2O2KVGgmtapeHuvYaYZ0FK4jHJnJW7yi:gh3P3V970EzmNPGZwyGgmtofpjH6qy

Score
10/10
formbookd27eratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

d27e

Decoy

lilysbusride.com

cloud-sechs.com

danpro.co.uk

wendoortech.com

playgroundrebellion.com

betventures.xyz

digimediasolution.net

abrahambetrayedus.com

whinefree.com

realeurolicence.com

makelovetrip.com

damediaagency.com

pinaralsan.com

5bobitw.com

shootingkarelia.online

website-staging.pro

manassadhvi.online

bathroomandkitcenking.com

realtormarket.net

dfysupport.com

Targets

    • Target

      fdcb2fd208c68b8ffde80d26a7e40a3d65f0479ef17ba08af4f9659a3e551d48

    • Size

      659KB

    • MD5

      f9a3cdc12852c0b905b94e0f349849cf

    • SHA1

      550a68569df15cbb6d49bd7acba568b1bec63a4b

    • SHA256

      fdcb2fd208c68b8ffde80d26a7e40a3d65f0479ef17ba08af4f9659a3e551d48

    • SHA512

      b63f19d89e7cb02b91b498095616dbf7f01fe3e4348111754cdebe078167b1bd3157b824967f12143e9e4db25de809c2199195f1b7e83dd249cc3d2f828c89d9

    • SSDEEP

      12288:aThFh11R/5PB+/SRHTp70ESIJmNSWGZN2O2KVGgmtapeHuvYaYZ0FK4jHJnJW7yi:gh3P3V970EzmNPGZwyGgmtofpjH6qy

    Score
    10/10
    formbookd27eratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook payload

      rat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks