General

  • Target

    1a147acc79bb7233f85132e717dd1bf9f05bde6fb15f05d694ebef243b6c6342

  • Size

    631KB

  • Sample

    221130-p1649sed7z

  • MD5

    29b6705bd8902a017ba7970bfb30d967

  • SHA1

    5edc601627f882f0d3724d40b1fdb7c80136a3e5

  • SHA256

    1a147acc79bb7233f85132e717dd1bf9f05bde6fb15f05d694ebef243b6c6342

  • SHA512

    427dd00c1388c20c6cfc63cb9f757ff281d6b34092369208b2fac2df3940cd5793ce6c59234b3e75bfdc5d543fb4346488fbb8248ba6a09099bfc93a3f4952f4

  • SSDEEP

    12288:kJCnJCvvV/BfwkD7Wlag0sb1RCy+66JHIUZMxrhm0rF9noR:hcvvV/Bfwdla4QmUWxrlrF

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

u3q

Decoy


Targets

    • Formbook

      Formbook is a data-stealing malware family.

    • Beds Protector Packer

      Detects Beds Protector packer used to load .NET malware.

    • Formbook payload

    • Suspicious use of SetThreadContext