General

  • Target

    11-29-22.zip

  • Size

    39KB

  • Sample

    221129-qms6xscg28

  • MD5

    618f83925c64ae90e409ab4dd93b2977

  • SHA1

    0ac6374184997f1700262ca0fef8f5e5abeb5538

  • SHA256

    6fe094ec30939499261cd11a9f01973454719bf53617b1692b1089ac6607a79a

  • SHA512

    41104ae618cdb1761b7bd350fcd78791c10e61b84e4c681b6c0b8a32c270f2e39c3654a9a85c3658dd32075bc44ebd00e4aae3933fa123b31779c6fdd26555f5

  • SSDEEP

    768:HgnJ8USvpuwYF+AC1rWFm4EUDZxlN+H6YT487TSceImzP+Tfdw:Ae/vfYi6FxJI/T48gImzo2

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    fs44

  • Decoy

    whneat.com
    jljcw.net
    pocodelivery.com
    outofplacezine.com
    yavuzcansigorta.com
    xinhewood-cn.com
    cartogogh.com
    5avis.com
    joyceyong.art
    digitalsurf.community
    blackcreekbarns.com
    magazinedistribuidor.com
    sportsgross.com
    drevom.online
    mayibeofservice.com
    gareloi-digit.com
    permitha.net
    renaissanceestetica.com
    facts-r-friends.com
    dach-loc.com

Targets

    • Target

      11-29-22.exe

    • Size

      121KB

    • MD5

      e906026bef372da3ac8618be9c0a1787

    • SHA1

      d98429fcff9d667e116c8b99469070e7bdb0de59

    • SHA256

      d13d078e3ca43adb581966a669f056116b1aaee681d1b6c026f0b6f4bb606324

    • SHA512

      403de6adc801b3f460967f0b0d63003647265be67cc0336aeb60a1c31cdbed00199eb43c8bed489c777299db36f88f785b99e29bf15b4f3615bd907b3431f4cb

    • SSDEEP

      3072:VEvf9OEud7hY72rOAOkGt6+duWA/t/SHUebbxCbGgKk12qk/In/87gUHCzQgtn9x:u9OnGZwLf8

    • Formbook

      Formbook is data-stealing malware.

    • Formbook payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry (1)

    T1012

  • System Information Discovery (2)

    T1082

Tasks