General

  • Target: 8110386446.zip
  • Size: 1004KB
  • Sample: 221006-vnd6lsaab7
  • MD5: 1e5b8d5318aed5aab1cd489256a8b5d9
  • SHA1: c4f19138c74bc473d000012633c8417572ff86eb
  • SHA256: b85c8547897495eea72da004d6579754bfa857b4cfb90b8405309e65bfeed216
  • SHA512: b446961f07bfaa5599b98926f7ada94b691d8ea6cb9662d44dc504f691b8ef6b16f6aeceef69387c19d4959344f8695dc46c83a9cd6dfbaf059839ae7e01e689
  • SSDEEP: 24576:u2NwnhaRIyyakDxZ4jh24F3xVZaLk+3wYeOojMnFCsNku:u2WnRy7krQhlFhqA/Ooj4Cxu

Malware Config

Extracted

  • Family: formbook
  • Version: 4.1
  • Campaign: je14
  • Decoy:


Targets

    • Target: 3ab1cc60bd5dca00fc6cad5cf3c0a7cccea610b20027c9db6b45f0b41860fba5
    • Size: 1.1MB
    • MD5: 71415d61dd3a653e017514280a4e05c4
    • SHA1: 89bed5f613401c5816f3b22816f84d5f8067db3b
    • SHA256: 3ab1cc60bd5dca00fc6cad5cf3c0a7cccea610b20027c9db6b45f0b41860fba5
    • SHA512: 971407b4327c3a9fe1ff76f0ec84874522865ae08f338ec0985a1ef78066a59412d323a4a2731d33dec129c89355b7aa95fe36f4425db8ad6ea1151f5b9c2098
    • SSDEEP: 24576:UAOcZXcxP61ptWw+avL8pnp3qY7daGAuvZG31RMaas/xmR:CH+tWw+S8D3r70QA3XM9n

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

Execution
  • Command-Line Interface (T1059): 1

Discovery
  • Query Registry (T1012): 1
  • System Information Discovery (T1082): 3

Tasks