Overview

overview

10

Static

static

10

tmp.exe

windows7-x64

10

tmp.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    tmp

  • Size

    185KB

  • Sample

    220917-rp4k4sdhdk

  • MD5

    527d139b035b5a1713708cd0204238ec

  • SHA1

    6fd4b193b022734a1d95123db189cda114796d8a

  • SHA256

    8f73bafddb4146bb2f171e6ab67fe8ea2e870319b086280ddf948eb54cac1f7a

  • SHA512

    6046e7bafbbc9a965d9c0efa5a106d2cbeafc134c56f7ef2fa2d43a4b475f06badc2495a4a10d2b727c187cd58a45eb9feb1532eff2e020f7d61383b0c7f151e

  • SSDEEP

    3072:yi9EP+o5Mgz30tozcYoKqatFWHV9bf5RvLD5t9a:M/b0OzcLKqatFCV9z5Rv/5na

Score
10/10
formbookg2m0ratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

g2m0

Decoy

toolatetobesorry.com

treeoflibertyco.com

dreadedyarn.com

priscillamatsushita.com

elenge.net

howork.net

qmgames.info

mysteryofbirds.com

dicks-boats.com

playsupermariobros.com

tulusurvey.com

wmgon.site

sareecraft.com

balladhealth.expert

osdauto.com

535395.xyz

grafschaft-hauenstein.info

orderlacabanatica.com

buttergrill.com

carterroecapital.com

Targets

    • Target

      tmp

    • Size

      185KB

    • MD5

      527d139b035b5a1713708cd0204238ec

    • SHA1

      6fd4b193b022734a1d95123db189cda114796d8a

    • SHA256

      8f73bafddb4146bb2f171e6ab67fe8ea2e870319b086280ddf948eb54cac1f7a

    • SHA512

      6046e7bafbbc9a965d9c0efa5a106d2cbeafc134c56f7ef2fa2d43a4b475f06badc2495a4a10d2b727c187cd58a45eb9feb1532eff2e020f7d61383b0c7f151e

    • SSDEEP

      3072:yi9EP+o5Mgz30tozcYoKqatFWHV9bf5RvLD5t9a:M/b0OzcLKqatFCV9z5Rv/5na

    Score
    10/10
    formbookg2m0ratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook payload

      rat

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks