General

  • Target

    HVTYUNB GH.exe

  • Size

    286KB

  • Sample

    221126-1rlmrabf4z

  • MD5

    9c9cdba4a31ce04352f53e163bd96e4c

  • SHA1

    8df864893b78417f89bbfab5abc5b662c5000ac3

  • SHA256

    73a5f6c41cb4b4b5fb949c859ca58e8c6890c3accdc3e9d30e4b66d461890682

  • SHA512

    69136741e441b693ff6853549a69dd2e9aaa5a5b615c018b5dceeedbe8f978d418c8db771a88fad94ea31885be5fcf0e7b2b20a388d0ccc518e88d2c3da72bf6

  • SSDEEP

    6144:GnVuMW0KvGua1XyT+u0sefecpCor7NPrcMlv3vfKk+10sU69:GuMW0VuQyKuFefe/o1jvXKkE0sUy

Malware Config

Extracted

  • Family

    formbook

  • Campaign

    tpd2

  • Decoy

    P83Fr0F3A2KiI+cW
    Pp1caIMEnr/EFk6Eu415Y1M=
    O5eVsiutrsnUK6kDF6El
    wxvn/yutO1JimCRM5HI=
    F+ahRJCkyfI4Xwoe
    ozU8V7MKMIba4U98/3w=
    b4GDF1u0P2p62t1Ka3o=
    KomBjwSImCdhtq7eMmQ=
    1zqJLbw2x46Z8Q==
    lal5nLUpt9Fjqeo=
    yifkCkmeS5Of5dXwSWlkCIsXZA==
    fK2zUmVxp/I6q91Ka3o=
    MQa3V3RrSpKT
    TzYGjdgculPW3Qs+6XM=
    dVgMubs7KzuD6A==
    CSAuug6iPk1Wn5K/8lQ9mQ==
    hBOyTXIs6TuX612tLW0=
    onmqz912c5So4uYW
    zLHGWnnDYrHrLixltY15Y1M=
    9wcJlsgDO4rnN2F+tY15Y1M=

Targets

    • Target

      HVTYUNB GH.exe

    • Size

      286KB

    • MD5

      9c9cdba4a31ce04352f53e163bd96e4c

    • SHA1

      8df864893b78417f89bbfab5abc5b662c5000ac3

    • SHA256

      73a5f6c41cb4b4b5fb949c859ca58e8c6890c3accdc3e9d30e4b66d461890682

    • SHA512

      69136741e441b693ff6853549a69dd2e9aaa5a5b615c018b5dceeedbe8f978d418c8db771a88fad94ea31885be5fcf0e7b2b20a388d0ccc518e88d2c3da72bf6

    • SSDEEP

      6144:GnVuMW0KvGua1XyT+u0sefecpCor7NPrcMlv3vfKk+10sU69:GuMW0VuQyKuFefe/o1jvXKkE0sUy

    • Formbook

      Formbook is a data-stealing malware family.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks