General

  • Target

    10bd3380601961166b5df308a6927cd6f50a4ab258e60f2aef93292e756d7aa1

  • Size

    2.5MB

  • Sample

    221130-w3geysge3s

  • MD5

    3b2839138c381fe2901d2daa9290b462

  • SHA1

    4ccb206f3f9be21d42c588be9a65417da11706fe

  • SHA256

    10bd3380601961166b5df308a6927cd6f50a4ab258e60f2aef93292e756d7aa1

  • SHA512

    2c171f522f9721003fd98e0f718152338e27475dda29f635484c36b6a8e69a74a21e00e26d7c0c106b2651069d8bf8b0f0fc23e2a4dc905a751a1cfc7f3e6113

  • SSDEEP

    49152:WtoZ0ajbQzlq5O+l4QOnn8jeX+l8uvlhfNf5lWLPNyeL9+hw/USGy7Xk/51HwgGh:W6X0zlC6mc98IQ1a7

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

u3q

Decoy


Targets

    • Formbook

      Formbook is a data-stealing malware family.

    • Beds Protector Packer

      Detects the Beds Protector packer, which is used to load .NET malware.

    • Formbook payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks