Overview

overview

10

Static

static

1

2022-571-GLS.exe

windows7-x64

8

2022-571-GLS.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2022-571-GLS.exe

  • Size

    268KB

  • Sample

    221129-pexcyagf88

  • MD5

    6cc14805bbf5e6bfb4daae5c8a61af7e

  • SHA1

    34836f2aa6a4e97705352a50d2a7147c857fea94

  • SHA256

    029d4fe47cb21a8f4e1dbe1863cf43cba6ac777e008b9675d381fda82986196b

  • SHA512

    5f1bb5a77d471e49e15ff414b24ac89858e5458884f8f672a92376434dd9363e6d80146d6448b4ee0233c70531f58c4c7d431d9f873e6d1a2fdacf680479b2c6

  • SSDEEP

    6144:QBn14u11x6y/QH2tw81qVegiZU/S4RaXFKia7ZiOfu:g4uRX4WvqMgiZgSXFKhZiO2

Score
10/10
formbookb31bratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

b31b

Decoy

deltafxtrading.com

alisonangl.com

cdfqs.com

easyentry.vip

dentalinfodomain.com

hiphoppianyc.com

pools-62911.com

supportteam26589.site

delldaypa.one

szanody.com

diaper-basket.art

ffscollab.com

freediverconnect.com

namesbrun.com

theprimone.top

lenzolab.com

cikmas.com

genyuei-no.space

hellofstyle.com

lamagall.com

Targets

    • Target

      2022-571-GLS.exe

    • Size

      268KB

    • MD5

      6cc14805bbf5e6bfb4daae5c8a61af7e

    • SHA1

      34836f2aa6a4e97705352a50d2a7147c857fea94

    • SHA256

      029d4fe47cb21a8f4e1dbe1863cf43cba6ac777e008b9675d381fda82986196b

    • SHA512

      5f1bb5a77d471e49e15ff414b24ac89858e5458884f8f672a92376434dd9363e6d80146d6448b4ee0233c70531f58c4c7d431d9f873e6d1a2fdacf680479b2c6

    • SSDEEP

      6144:QBn14u11x6y/QH2tw81qVegiZU/S4RaXFKia7ZiOfu:g4uRX4WvqMgiZgSXFKhZiO2

    Score
    10/10
    formbookb31bratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook payload

      rat

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks