Overview

overview

10

Static

static

10

1476-78-0x...ry.exe

windows7-x64

1

1476-78-0x...ry.exe

windows10-2004-x64

1

Sharing

Copy URL Twitter E-mail

General

  • Target

    1476-78-0x0000000000400000-0x000000000042F000-memory.dmp

  • Size

    188KB

  • Sample

    220830-qa99nshcan

  • MD5

    a26d9d18e914e0c5f886d2b82aff309d

  • SHA1

    2abe1b416b41cb20f993e9a6674b024e43cebdfa

  • SHA256

    f25a78fe0e202cd88e8737d9e30c43e5bc0509b1c7c1a1a38dd4506b8f2970ca

  • SHA512

    c8cecd1bcf62eb4173f756749e855ac20758ff150c03689796299833f5dc81912f0c702f44f787b04de7fcbd108b47db6046b9601cadf267464d66697443506f

  • SSDEEP

    3072:qI+EHevoFR+3Q/G/uqKKEgCU4Y3oMKlde1w9DLg28KM:xBYQe/uTKEgC83oXW6NLg2i

Score
10/10
formbookag94rat

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ag94

Decoy

rexperfume.com

nguyens.site

jdzdzx.com

ashleybofficial.com

rc986.com

zenritusen-mania.com

cesarortizescritor.com

batchhousetapas.co.uk

aprendoenperu.com

nutricialia.online

astertion.top

gshhmy.com

veganrebels.uk

verification-regionsbank.com

perfectigirls.top

thisiskay.com

ftpbook.com

yzshwurp.top

thedigitalzenith.com

t-mobilesettlemet.com

Targets

    • Target

      1476-78-0x0000000000400000-0x000000000042F000-memory.dmp

    • Size

      188KB

    • MD5

      a26d9d18e914e0c5f886d2b82aff309d

    • SHA1

      2abe1b416b41cb20f993e9a6674b024e43cebdfa

    • SHA256

      f25a78fe0e202cd88e8737d9e30c43e5bc0509b1c7c1a1a38dd4506b8f2970ca

    • SHA512

      c8cecd1bcf62eb4173f756749e855ac20758ff150c03689796299833f5dc81912f0c702f44f787b04de7fcbd108b47db6046b9601cadf267464d66697443506f

    • SSDEEP

      3072:qI+EHevoFR+3Q/G/uqKKEgCU4Y3oMKlde1w9DLg28KM:xBYQe/uTKEgC83oXW6NLg2i

    Score
    1/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks