Overview

overview

10

Static

static

new Spain ...om.exe

windows7-x64

10

new Spain ...om.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    new Spain order.com.exe

  • Size

    726KB

  • Sample

    220916-17ybgsceeq

  • MD5

    aa323408f446326ee95f7570110ab58d

  • SHA1

    3f806d288c3e03dbf635cc9ba7d6043473cb54f2

  • SHA256

    ee3b8f87e0993f38afcdac3eb6f37c47376532dfa0f50e8ac0d82563f8590cb5

  • SHA512

    0f4bfc58576fc7e98961809724a8f307899d967bcbdc1dfb908a0fe6e6d209e8d9287d66eeb2b20bc4fc692c8d3424f387cb16c9040b095f3644c06086e0d28a

  • SSDEEP

    12288:KgCpOiVNVuE6mX22osOBfp+5aATvfIYDv3A9PAmiAmFGtJO:OBUm2fp+hvf1q1PV

Score
10/10
formbookp94aratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

p94a

Decoy

wishgrove.com

parqueveiculos.com

spiderwebs.online

chulkanadham.com

cdtuan.net

zxazm.com

payment6528832.xyz

fengtaiol.com

bffsmovie.com

aliceseagerfitness.com

garisluruskonsulindo.website

analytical-gutter.net

ahcq8.com

fenyoga.com

ecleptic.cat

conjurecrafts.com

aquaway.date

apenpokkenschoonmaakbedrijf.com

zgramr.top

boweknives.site

Targets

    • Target

      new Spain order.com.exe

    • Size

      726KB

    • MD5

      aa323408f446326ee95f7570110ab58d

    • SHA1

      3f806d288c3e03dbf635cc9ba7d6043473cb54f2

    • SHA256

      ee3b8f87e0993f38afcdac3eb6f37c47376532dfa0f50e8ac0d82563f8590cb5

    • SHA512

      0f4bfc58576fc7e98961809724a8f307899d967bcbdc1dfb908a0fe6e6d209e8d9287d66eeb2b20bc4fc692c8d3424f387cb16c9040b095f3644c06086e0d28a

    • SSDEEP

      12288:KgCpOiVNVuE6mX22osOBfp+5aATvfIYDv3A9PAmiAmFGtJO:OBUm2fp+hvf1q1PV

    Score
    10/10
    formbookp94aratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook payload

      rat

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks