Overview

overview

10

Static

static

1

36649f9c0b...f1.exe

windows7-x64

10

36649f9c0b...f1.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    36649f9c0baec66f816583057c8345f1.exe

  • Size

    442KB

  • Sample

    221123-v7prfsbb58

  • MD5

    36649f9c0baec66f816583057c8345f1

  • SHA1

    0ff0435e9f58f6a5ca70f792751286c48413b56b

  • SHA256

    9be3965a8f8378e3cbf5b59240ba53b6be33f4c3677e2112b32cf6ed6592e5cf

  • SHA512

    60f5ee3a3a024565cf3efbd650b6900ccbeb34f2f124393c1447b2a11af09b0df95f5edd0c22d453801c29edc694224280b06717fe23007ca06285940688d56a

  • SSDEEP

    6144:iyEa0sZPLivhZvzkUIRkPQVzMDSjv0AnUxtpPxdax+OSUwmB5M7gcKVqEBM:is4T7wk4VQmwuqtpxmSURCgcKbBM

Score
10/10
formbookh3haratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

h3ha

Decoy

ideas-dulces.store

store1995.store

swuhn.com

ninideal.com

musiqhaus.com

quranchart.com

kszq26.club

lightfx.online

thetickettruth.com

meritloancubk.com

lawnforcement.com

sogeanetwork.com

thedinoexotics.com

kojima-ah.net

gr-myab3z.xyz

platiniuminestor.net

reviewsiske.com

stessil-lifestyle.com

goodqjourney.biz

cirimpianti.com

Targets

    • Target

      36649f9c0baec66f816583057c8345f1.exe

    • Size

      442KB

    • MD5

      36649f9c0baec66f816583057c8345f1

    • SHA1

      0ff0435e9f58f6a5ca70f792751286c48413b56b

    • SHA256

      9be3965a8f8378e3cbf5b59240ba53b6be33f4c3677e2112b32cf6ed6592e5cf

    • SHA512

      60f5ee3a3a024565cf3efbd650b6900ccbeb34f2f124393c1447b2a11af09b0df95f5edd0c22d453801c29edc694224280b06717fe23007ca06285940688d56a

    • SSDEEP

      6144:iyEa0sZPLivhZvzkUIRkPQVzMDSjv0AnUxtpPxdax+OSUwmB5M7gcKVqEBM:is4T7wk4VQmwuqtpxmSURCgcKbBM

    Score
    10/10
    formbookh3haratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook payload

      rat

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1
T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks