General

  • Target

    6557ea99d2e422775ec80a44a0af6c5c864c8beb480afe1e553c23079a4f3f79.exe

  • Size

    935KB

  • Sample

    221007-mkyrvacbg2

  • MD5

    cb11092dff6fbcbf04031d03d673e58f

  • SHA1

    2ebbc9acbda7f6894c062c3a9713a85b3e223f6d

  • SHA256

    6557ea99d2e422775ec80a44a0af6c5c864c8beb480afe1e553c23079a4f3f79

  • SHA512

    b1694b3ef3f67ee580fe836dc18c58b2b8124f9adb3da58b65a34004da95fb5416f46c29c6fd86bcb6daaaeb7171c769b340bd9afc60f28727ed6a94c57a4075

  • SSDEEP

    12288:5dV7uikFgUJp8GOst+tiJhLlpUu0lDySNKDByQXQAkwkcH/:jlubgustKhppd0lDySN4BbXnz/

Malware Config

Extracted

Family

formbook

Campaign

c1no

Decoy

SKHcqi+am5xGsHiCoXnH

BObxRpdRlNT5GCo3Eg8azNIQ

GPkN2SZ9gJOYqn4iaNIH6d1MRlk=

ZrdQ6Q4zd05LBFWPDc8=

KYQZEtvg85sq1t9jd7kazNIQ

KWu2/CZdnIFgf0p8

YlJ9mWmf+XkCjxzXSw==

nPeaENkZPzjWSh5DJiBVhlrTSx9V

GfUN8rKft59DsH2CoXnH

5ThnVCgjBm96jxzXSw==

pfb0D48Mk38v

uK6V0h16ziJXZuQ3NR8asKzT2Q==

QaxeYCJXoHFvKesgBSozIyC6bkTR8rbF

QT12wt/a0nsdrbY/oSGKqcq2wQ==

vfuiENwZZrvruTm5lHDF

iNsQyVnb3NHbtXyCoXnH

9jjn4jP8RyrjBYwNPvtfPg==

Wz1uwtUpdbrpwZXZq5HpXV7TSx9V

e9+RDvTx9HSZej/7PvtfPg==

oAeNwswNS6QgtnOdmcc=

Targets

    • Target

      6557ea99d2e422775ec80a44a0af6c5c864c8beb480afe1e553c23079a4f3f79.exe

    • Formbook

      Formbook is a commodity information stealer sold as malware-as-a-service. It harvests saved credentials from browsers and mail/FTP clients, logs keystrokes, grabs submitted web forms and clipboard contents, can take screenshots, and fetches further payloads on command from its C2. The configuration extracted above (campaign c1no) carries the decoy list Formbook mixes its real command-and-control traffic in with, so no single contacted host can be taken as the live C2 without further analysis.

    • Suspicious use of SetThreadContext: a call to SetThreadContext on a thread belonging to another process is the hallmark of process hollowing (a process is created suspended, its image is overwritten, the main thread's entry point is redirected, and the thread is resumed). Outside of debuggers, legitimate software rarely touches another process's thread context, which is why the sandbox flags it.
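
To show why a sandbox singles out SetThreadContext, the following detection logic walks an API-call trace and flags the process-hollowing chain that typically surrounds it. This is an added example, not part of the sandbox report; the trace format ("caller pid, API name, key=value arguments") and the trace lines themselves are constructed for illustration and are not the sample's recorded behaviour. Same-process calls to SetThreadContext (used by exception handling and debuggers) are deliberately not flagged.

```python
import re
from typing import Dict, List, Tuple

# Constructed API trace (not from the report). One call per line:
#   <caller pid> <API> key=value key=value ...
SAMPLE_TRACE = r"""
1200 CreateProcessW image=C:\Windows\SysWOW64\svchost.exe flags=0x00000004 child=4412
1200 NtUnmapViewOfSection pid=4412
1200 VirtualAllocEx pid=4412 size=0x1f000 protect=0x40
1200 WriteProcessMemory pid=4412 size=0x1f000
1200 GetThreadContext pid=4412 tid=4416
1200 SetThreadContext pid=4412 tid=4416
1200 ResumeThread pid=4412 tid=4416
3300 CreateProcessW image=C:\Windows\System32\notepad.exe flags=0x00000000 child=3350
3300 WriteProcessMemory pid=3350 size=0x100
2200 GetThreadContext pid=2200 tid=2208
2200 SetThreadContext pid=2200 tid=2208
"""

CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit for CreateProcess

# Remote-process APIs and the hollowing stage each one represents.
STAGE_OF = {
    "NtUnmapViewOfSection": "unmap",
    "WriteProcessMemory": "write",
    "SetThreadContext": "ctx",
    "ResumeThread": "resume",
}

_KV = re.compile(r"(\w+)=(\S+)")


def parse_line(line: str) -> Tuple[int, str, Dict[str, str]]:
    """Split one trace line into (caller pid, API name, {arg: value})."""
    parts = line.split(maxsplit=2)
    caller, api = int(parts[0]), parts[1]
    args = dict(_KV.findall(parts[2])) if len(parts) > 2 else {}
    return caller, api, args


def find_hollowing_chains(trace: str) -> List[dict]:
    """Return one hit per (caller, target) pair where the caller wrote into
    another process and then set a thread context in it. Stages are kept in
    first-seen order so the analyst can see how complete the chain was."""
    stages: Dict[Tuple[int, int], List[str]] = {}

    def note(caller: int, target: int, stage: str) -> None:
        seq = stages.setdefault((caller, target), [])
        if stage not in seq:
            seq.append(stage)

    for raw in trace.splitlines():
        line = raw.strip()
        if not line:
            continue
        caller, api, args = parse_line(line)
        if api == "CreateProcessW":
            if int(args.get("flags", "0"), 16) & CREATE_SUSPENDED:
                note(caller, int(args["child"]), "suspended")
        elif api in STAGE_OF:
            target = int(args.get("pid", caller))
            if target != caller:  # same-process use is normal; only remote counts
                note(caller, target, STAGE_OF[api])

    hits = []
    for (caller, target), seq in stages.items():
        # Writing into a remote process and then redirecting one of its
        # threads is the minimum that justifies a "suspicious" verdict.
        if "write" in seq and "ctx" in seq:
            hits.append({"source": caller, "target": target, "stages": seq})
    return hits


if __name__ == "__main__":
    for hit in find_hollowing_chains(SAMPLE_TRACE):
        print(f"pid {hit['source']} -> pid {hit['target']}: {' -> '.join(hit['stages'])}")
```

In the constructed trace only pid 1200 is reported, with the full suspended -> unmap -> write -> ctx -> resume chain; pid 3300 writes into a child it created normally but never touches its thread context, and pid 2200 sets its own thread's context, so neither is flagged.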
