General

  • Target

    5.exe

  • Size

    332KB

  • Sample

    221124-pf5qpsch78

  • MD5

    6d5a463601016b2ed5abd8f1182d1aed

  • SHA1

    df19e5451414fb6616d50f6327b2ab7341fc049f

  • SHA256

    b8024e250ead416a33d4ef90f4fafe7e2dfbd27e6028302b80896905fad4ac9a

  • SHA512

    447ab7d915162e9731d232f4d9c14f7bec2c3ca9b60d119711ea4a8d707db29fd89a74beb0943d7a93dc2c6125d4ca4864d58f28763e394e73b2b840d0ae5926

  • SSDEEP

    6144:QBn11Gp32g9I39BBlleI1FkuRMAOgmnK2F9zeKWq6//GNJG1LDXoapeG/G:g1GpGg9CNl5GuRPkbFXWGq1A5G+

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    mi08

  • Decoy

    mytimebabes.com
    ycpxb.com
    abdkaplani.com
    cloudingersoftech.com
    fthfire.xyz
    christyna.work
    3d-add-on.com
    knowyourtechdeals.com
    kcl24.com
    sepatubiker.com
    sunnyboy.live
    zrbsq.com
    rinpari.com
    lesac-berra.com
    yes820.com
    cnnorman.com
    mystichousedv.com
    sbobet888auto.com
    gawiul.xyz
    luispenas.com
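The extracted config is the useful part of this report for a defender: Formbook carries a list of domains of which only one is the real C2 and the rest are decoys, and it beacons to `http://www.<domain>/<campaign>/` (GET for check-in with a query string appended, POST for exfiltration), so the campaign id `mi08` is the URI path to look for. The script below is an added example, not part of the sandbox report or of any tool it references; it copies the values from the Malware Config section into a small proxy-log hunt. The log layout (`<timestamp> <client ip> <method> <url> <status>`) and the sample lines are constructed for the example, and the beacon-shape check relies on the URI layout just described.

```python
# Added example (not part of the sandbox report): turn the extracted
# Formbook config into hunting logic over proxy log lines.
import re
from urllib.parse import urlsplit

# Values copied from the "Malware Config" section of this report.
FAMILY = "formbook"
VERSION = "4.1"
CAMPAIGN = "mi08"
DECOY_DOMAINS = (
    "mytimebabes.com", "ycpxb.com", "abdkaplani.com", "cloudingersoftech.com",
    "fthfire.xyz", "christyna.work", "3d-add-on.com", "knowyourtechdeals.com",
    "kcl24.com", "sepatubiker.com", "sunnyboy.live", "zrbsq.com",
    "rinpari.com", "lesac-berra.com", "yes820.com", "cnnorman.com",
    "mystichousedv.com", "sbobet888auto.com", "gawiul.xyz", "luispenas.com",
)

# Assumed proxy log layout (constructed for this example):
#   <ISO timestamp> <client ip> <method> <url> <status>
LOG_RE = re.compile(r"^(\S+) (\S+) ([A-Z]+) (\S+) (\d{3})$")


def normalize_host(host: str) -> str:
    """Lower-case, drop a trailing dot and the 'www.' prefix Formbook prepends."""
    host = host.lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def match_config_domain(host: str):
    """Return the config domain that `host` equals or is a subdomain of, else None."""
    h = normalize_host(host)
    for domain in DECOY_DOMAINS:
        if h == domain or h.endswith("." + domain):
            return domain
    return None


def looks_like_beacon(method: str, path: str) -> bool:
    """Formbook beacons to /<campaign>/ with GET (check-in) or POST (exfil).
    Only the campaign directory is matched; query-string argument names
    vary per build, so they are deliberately not part of the check."""
    segments = [s for s in path.split("/") if s]
    return method in ("GET", "POST") and segments == [CAMPAIGN]


def hunt(lines):
    """Return one hit per request whose host is in the extracted domain list."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # unparseable line; in production, count and review these
        ts, client, method, url, _status = m.groups()
        parts = urlsplit(url)
        domain = match_config_domain(parts.hostname or "")
        if domain is None:
            continue
        hits.append({
            "ts": ts,
            "client": client,
            "domain": domain,
            "beacon_shaped": looks_like_beacon(method, parts.path),
        })
    return hits


# Constructed sample log: the first two lines mimic a Formbook check-in and
# exfil POST, the last is ordinary browsing to one of the decoy domains.
SAMPLE_LOG = [
    "2022-11-24T15:01:02Z 10.0.0.17 GET http://www.ycpxb.com/mi08/?Gm=dGVzdA&sql=1 200",
    "2022-11-24T15:01:05Z 10.0.0.17 POST http://www.ycpxb.com/mi08/ 200",
    "2022-11-24T15:02:10Z 10.0.0.21 GET https://cdn.example.net/app.js 200",
    "2022-11-24T15:03:44Z 10.0.0.21 GET http://mail.rinpari.com/index.html 404",
]

if __name__ == "__main__":
    for hit in hunt(SAMPLE_LOG):
        flag = "BEACON" if hit["beacon_shaped"] else "domain-only"
        print(f'{hit["ts"]} {hit["client"]} -> {hit["domain"]} [{flag}]')
```

Two caveats when using this outside a sandbox. Formbook also sends cover traffic to the decoys, so inside the sandbox every domain in the list may show up; in production most of these are legitimate sites with legitimate visitors, and a domain-only hit is weak evidence. The `/mi08/` path shape is the stronger signal, and a host that produces both a GET with a query string and a POST to that path in quick succession is worth pulling for memory analysis.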

Targets

    • Target

      5.exe

    • Size

      332KB

    • Formbook

      Formbook is an information stealer: it harvests saved credentials and form data from browsers and mail clients, logs keystrokes and takes screenshots, and hides its real C2 server inside a list of mostly legitimate decoy domains (the Decoy list above), beaconing to the campaign path (here mi08) on whichever domain is live.

    • Formbook payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites the registers of a suspended thread; together with the dropped EXE above it is the step that redirects a legitimate host process into the Formbook payload (process hollowing), which is why the stealer's network activity later comes from a process that looks benign.
