Overview

overview

10

Static

static

8681d02226...19.exe

windows7-x64

10

8681d02226...19.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8681d02226dc0c77c0ea8917a07eb319

  • Size

    702KB

  • Sample

    221128-3rrvwaga3t

  • MD5

    8681d02226dc0c77c0ea8917a07eb319

  • SHA1

    2b8aded3a5255af3866c208a8e01e40396f4109b

  • SHA256

    88fcdbab38de02bbb2a94f7042c687af6284848ae22dd69e4a08c1666a8fe3b5

  • SHA512

    09a602dec2e5c3c925e593999b0cbce49b9bb935753f945b999ff3cdeaad12d7cde06286d6e5de8d431c432302495a12e615af305cbb95f9bf47b4f557a3a61d

  • SSDEEP

    12288:JxLDIXPod2iNx0MTISlzy7xprLak2w8OVevOneXt1wBikXVX39oo3F5/W+:Jrd1P0MTYLB2TvFXLofVX3io3F93

Score
10/10
formbookg2fgratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

g2fg

Decoy

snowcrash.website

pointman.us

newheartvalve.care

drandl.com

sandspringsramblers.com

programagubernamental.online

boja.us

mvrsnike.com

mentallyillmotherhood.com

facom.us

programagubernamental.store

izivente.com

roller-v.fr

amazonbioactives.com

metaverseapple.xyz

5gt-mobilevsverizon.com

gtwebsolutions.co

scottdunn.life

usdp.trade

pikmin.run

Targets

    • Target

      8681d02226dc0c77c0ea8917a07eb319

    • Size

      702KB

    • MD5

      8681d02226dc0c77c0ea8917a07eb319

    • SHA1

      2b8aded3a5255af3866c208a8e01e40396f4109b

    • SHA256

      88fcdbab38de02bbb2a94f7042c687af6284848ae22dd69e4a08c1666a8fe3b5

    • SHA512

      09a602dec2e5c3c925e593999b0cbce49b9bb935753f945b999ff3cdeaad12d7cde06286d6e5de8d431c432302495a12e615af305cbb95f9bf47b4f557a3a61d

    • SSDEEP

      12288:JxLDIXPod2iNx0MTISlzy7xprLak2w8OVevOneXt1wBikXVX39oo3F5/W+:Jrd1P0MTYLB2TvFXLofVX3io3F93

    Score
    10/10
    formbookg2fgratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook payload

      rat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks