Overview

overview

10

Static

static

99a19f4.exe

windows7-x64

10

99a19f4.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    99a19f4.exe

  • Size

    444KB

  • Sample

    221123-sdblmaea7w

  • MD5

    f9a0abc34bd82cc507c366d37d5fe454

  • SHA1

    681ac1da1bbcc9c1b52d1fae2d77f1ce6d3ed935

  • SHA256

    255a64913a91a00cf84f50b98443ccb895a3ed7bf7ad28fc3c06260c83fe3c7f

  • SHA512

    f9c70362e0d4e32a89d5c59a469def1d2607d711488940d8ac6a795953e5a3e39279a08d873e3690c9472282ff041c2725b1f9e87927e48d3ec9cd5924f4faf9

  • SSDEEP

    12288:OY0Cy/YBKD8ZTT7aSqFKN5qI70otXvPaAkLqM:cd/YBKIVWbKF70opvPtM

Score
10/10
formbookt5ezratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Campaign

t5ez

Decoy

v+YaDdg/udazyV4Iyw==

MXDNPIhw1/8BP0Ud2fguBRZ/8nF6wQ==

WsTRjsGfK1Wt+wjFRn9mBQ==

TrAv42rPyfBfhpI=

2FrznhJCG6bpCgm9+n/Xq0cr

phy0dqeRgaeZzcuciHGgrkeVQw==

DIYHd2O24QEB

wVbxr0eqbQZMc4xwQF1W3NdmR2Xc

ncsN3VitpSp18jvXswKeJeQKA1DW

n/FT0RVVULr7fMV0Ykb8ztU=

OET6wvfsbaGp6O2/Rn9mBQ==

2Rb8gNoGR5GEwAeUhcs=

wR8Fc7imd8/3cQeUhcs=

rMZ/VOtX0kR/yV4Iyw==

9YIUqO7RR4iL5Cffi994

03AHmeAX+2F85Cnfi994

9QbOseAK0/c4SGJW

S1EDywDiYofETA==

ivZm1wDWR2hgAEFURn9mBQ==

D2pe4DygKUJKoLidIuwJo4PiKGhyZLPc

Targets

    • Target

      99a19f4.exe

    • Size

      444KB

    • MD5

      f9a0abc34bd82cc507c366d37d5fe454

    • SHA1

      681ac1da1bbcc9c1b52d1fae2d77f1ce6d3ed935

    • SHA256

      255a64913a91a00cf84f50b98443ccb895a3ed7bf7ad28fc3c06260c83fe3c7f

    • SHA512

      f9c70362e0d4e32a89d5c59a469def1d2607d711488940d8ac6a795953e5a3e39279a08d873e3690c9472282ff041c2725b1f9e87927e48d3ec9cd5924f4faf9

    • SSDEEP

      12288:OY0Cy/YBKD8ZTT7aSqFKN5qI70otXvPaAkLqM:cd/YBKIVWbKF70opvPtM

    Score
    10/10
    formbookt5ezratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1
T1059

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks