Overview

overview

10

Static

static

6.exe

windows7-x64

3

6.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6.exe

  • Size

    444KB

  • Sample

    221124-qxnzysbe3v

  • MD5

    d0681311d641346940a5092f24f4544b

  • SHA1

    25e9512f2699f9584c0c091df544e8924e86ec54

  • SHA256

    286b871767ff34e7cbbf0ff3f5adb1d2c2900b91295cf36ea3497a7483ceb7d8

  • SHA512

    7d1e5f9ae7d073fe6ba0ca525684128335a8f2b83a970478ae84c0fd9e12f1a2cddb6495909540b8a6e4a49115ccdc01db8225742c9c549882390957693138db

  • SSDEEP

    12288:7EO8Py7vLboIrihtnCA633512bb2MoH0oQocuSuvaebAqQaac9acaaaGrs4+w:77vLUIrYsA2ybHoU3

Score
10/10
formbookt5ezratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Campaign

t5ez

Decoy

v+YaDdg/udazyV4Iyw==

MXDNPIhw1/8BP0Ud2fguBRZ/8nF6wQ==

WsTRjsGfK1Wt+wjFRn9mBQ==

TrAv42rPyfBfhpI=

2FrznhJCG6bpCgm9+n/Xq0cr

phy0dqeRgaeZzcuciHGgrkeVQw==

DIYHd2O24QEB

wVbxr0eqbQZMc4xwQF1W3NdmR2Xc

ncsN3VitpSp18jvXswKeJeQKA1DW

n/FT0RVVULr7fMV0Ykb8ztU=

OET6wvfsbaGp6O2/Rn9mBQ==

2Rb8gNoGR5GEwAeUhcs=

wR8Fc7imd8/3cQeUhcs=

rMZ/VOtX0kR/yV4Iyw==

9YIUqO7RR4iL5Cffi994

03AHmeAX+2F85Cnfi994

9QbOseAK0/c4SGJW

S1EDywDiYofETA==

ivZm1wDWR2hgAEFURn9mBQ==

D2pe4DygKUJKoLidIuwJo4PiKGhyZLPc

Targets

    • Target

      6.exe

    • Size

      444KB

    • MD5

      d0681311d641346940a5092f24f4544b

    • SHA1

      25e9512f2699f9584c0c091df544e8924e86ec54

    • SHA256

      286b871767ff34e7cbbf0ff3f5adb1d2c2900b91295cf36ea3497a7483ceb7d8

    • SHA512

      7d1e5f9ae7d073fe6ba0ca525684128335a8f2b83a970478ae84c0fd9e12f1a2cddb6495909540b8a6e4a49115ccdc01db8225742c9c549882390957693138db

    • SSDEEP

      12288:7EO8Py7vLboIrihtnCA633512bb2MoH0oQocuSuvaebAqQaac9acaaaGrs4+w:77vLUIrYsA2ybHoU3

    Score
    10/10
    formbookt5ezratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks