General

  • Target

    QUOTATION-648737.exe

  • Size

    1.0MB

  • Sample

    220916-l83j9sbadm

  • MD5

    3360cb2e8f012336000af5894a0581d3

  • SHA1

    5cc27e92e52da08a973187b3c2401508ff2bc266

  • SHA256

    3e48726d82d9e1f43739b669d15d4f08a829ac4b31b12a8e0e2f003dcb65ae11

  • SHA512

    28c28ae5b68cbb6b318cbab431cee5d7e1e1516f82e92da0e45b1d7a119e7ec631c81117b54cf9d349206eb0b71f6df86c03e5ff622ba16319a83e2762460b3b

  • SSDEEP

    24576:ccpPlWcaVfGM0TY2tO2/2e7LWR45YyHwH:ccTWxlGLTY6xV2w

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

g2si

Decoy


Targets

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook payload

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6
