General

  • Target

    17cbefa3bfafde3ea9708bd2af0f6ce2

  • Size

    879KB

  • Sample

    221019-fg1zgaefg7

  • MD5

    17cbefa3bfafde3ea9708bd2af0f6ce2

  • SHA1

    3e95cd5f19384ab005c4e036af1de48674e476af

  • SHA256

    6034200b55579c47e45b1dbe648f71aa554ff6b0ab8637c5f1953db8572649c4

  • SHA512

    1b79dbd18d7fd3841afbb0347a0ac436ed499b036672d0cd7d761dbe48d0d1e96ab0cfcf287be391f41d2f5007e93cfcb57783f7ad6c7dc12865c1b2e90ce9bb

  • SSDEEP

    12288:idEAg+MSxTL899gW1Qad3RGlsWkPlWJUF2BH1d/gBOis/:idxg+7w99gWNRGlsWkP2T/

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

d42n

Decoy


Targets

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook payload

    • Suspicious use of SetThreadContext
