General

  • Target

    clientIC.bin.zip

  • Size

    216KB

  • Sample

    221130-lmc3gsca2x

  • MD5

    c8ebc40be0a92b4412ad0a862ab26cab

  • SHA1

    784c62aa4ba0c1ce87c96da5f20f3e022292fe0e

  • SHA256

    cfee1cf081f586be0dca743b2fd2e38645e14d6e897c8726b0ea164709931e92

  • SHA512

    35a3e5f8c45005d707ff3f2425ff10300bde4448379c253c5f261c50e1fb2d52ec505fb3d929ac6c1f678e8bb9afe53141bc9a5d82762c9a2c06d8e5607a1139

  • SSDEEP

    6144:U+vR+5Tzwm14ia+x/oqgR1wobIRtkpLjTeEOC:U+J+53P+miq81wobuOpLjTeEOC

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

wh23

Decoy

Targets

    • Target

      clientIC.bin

    • Size

      233KB

    • MD5

      6748ab9c3f718189aa1942e6465c5de4

    • SHA1

      872407ac71d607b1d02b1e116ce7c1a788078888

    • SHA256

      d7cc0491b79a1024a4b9cdff777d016b9ccd6ecb7b335ccb54f61fea89e345cd

    • SHA512

      90710bb4a02c94c9274aa25ca67357c037475d1c7793fc9a72568e853c989a5e77587f7f7a66bcc46c89f53e3629a507d537721c234866710cabb362b79da74a

    • SSDEEP

      6144:5Bnuy0yPQ9aJbN6bWfO8hOXFI07pyDRAHUdTHyqiYBNBYd5PP2Tkc+:Ky0yPQ90bN6bkhI9W2rMNBYn2Ic+

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6