General

  • Target

    Re, cotten.exe

  • Size

    1.1MB

  • Sample

    221123-g5f5msha2y

  • MD5

    c6158b027d97a2b4c111945566366838

  • SHA1

    18248a16b4d521ccd038c57853ee89a11c3c654a

  • SHA256

    dd7311a0428c78cec1db4fbca409094ab6694db68c03aa878f9f1872ecc6e1db

  • SHA512

    547d8e6940511aafaa40b7a0511b7bc15a7f8f6d9a2f25d6614ddabcd9646af863e3e311becc3e8d051178fe6840a68d0e86d1508c6f68ecb154e25406670f69

  • SSDEEP

    24576:GLGrqdOj5DklX6Ihq8XhGRuIrrVH1rF7MlYf:1rqdOj5Dk3LhGZnVV5A

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    ng04

  • Decoy


Targets

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook payload

    • Deletes itself

    • Suspicious use of SetThreadContext
