Overview

overview

10

Static

static

1

tmp.exe

windows7-x64

10

tmp.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    tmp

  • Size

    257KB

  • Sample

    221202-k7wjwsga2x

  • MD5

    db34b27822c1c7d80e7e59ed743ce22c

  • SHA1

    f888efab5bfd957947b95877b4c5c73067dad197

  • SHA256

    3cfd81b824673a6ba23d472bd09d5e7610a3346cce6f23956507af5eab63c012

  • SHA512

    860a92c61d02b1429853c529234ca0885cc37065503a14918ddfd722fd3281f1179fa036315a867eb36475e93db391307255e214b78733d8fd4ce7c93ed7a066

  • SSDEEP

    6144:QBn1+chufZq/1wTiFDMwMBUvosOPuoXK+qvcAYzy/:g+ciAyeUavOha+nAYI

Score
10/10
formbookpr28ratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

pr28

Decoy

huaxinimg.com

baorungas.com

comercializadoramultimus.com

blr-batipro.com

wantagedfas.uk

1thingplan.one

cweilin.com

lorienconsultingllc.com

jdzsjwx.com

casafacil.site

hkacgt.com

hasid.africa

92dgr97k4hr9.com

cvbiop.xyz

1wbskm.top

fantasticmobility.com

goodchoice2022.com

hafizpower.com

familiajoya.com

fundscrahelp.info

Targets

    • Target

      tmp

    • Size

      257KB

    • MD5

      db34b27822c1c7d80e7e59ed743ce22c

    • SHA1

      f888efab5bfd957947b95877b4c5c73067dad197

    • SHA256

      3cfd81b824673a6ba23d472bd09d5e7610a3346cce6f23956507af5eab63c012

    • SHA512

      860a92c61d02b1429853c529234ca0885cc37065503a14918ddfd722fd3281f1179fa036315a867eb36475e93db391307255e214b78733d8fd4ce7c93ed7a066

    • SSDEEP

      6144:QBn1+chufZq/1wTiFDMwMBUvosOPuoXK+qvcAYzy/:g+ciAyeUavOha+nAYI

    Score
    10/10
    formbookpr28ratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook payload

      rat

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks