Overview

overview

10

Static

static

1

5.exe

windows7-x64

10

5.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5.bin

  • Size

    257KB

  • Sample

    221202-rg8j4ahh6s

  • MD5

    48761a585f2cb5ffa54ef767bb18abdb

  • SHA1

    71483ebc4e70dfee81e108c38522a4f915b19600

  • SHA256

    6edd37fb895163628297cdcf7898da03027b960434bcae3404cd9fec27de1012

  • SHA512

    2594db7912073a8a69b632efd832eb800519a87af1045816ee4735d650ea410156c9cab93cc7ee8b6e06994bdd2f4fad62fafcbac399dc92a9fcba3af4ffa284

  • SSDEEP

    6144:QBn1PrZO0xliJYVYpu0OSmzleoJuou5KjfByDdDC0U0:gz40xkVu0BoSKdiCN0

Score
10/10
formbookb31bratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

b31b

Decoy

deltafxtrading.com

alisonangl.com

cdfqs.com

easyentry.vip

dentalinfodomain.com

hiphoppianyc.com

pools-62911.com

supportteam26589.site

delldaypa.one

szanody.com

diaper-basket.art

ffscollab.com

freediverconnect.com

namesbrun.com

theprimone.top

lenzolab.com

cikmas.com

genyuei-no.space

hellofstyle.com

lamagall.com

Targets

    • Target

      5.bin

    • Size

      257KB

    • MD5

      48761a585f2cb5ffa54ef767bb18abdb

    • SHA1

      71483ebc4e70dfee81e108c38522a4f915b19600

    • SHA256

      6edd37fb895163628297cdcf7898da03027b960434bcae3404cd9fec27de1012

    • SHA512

      2594db7912073a8a69b632efd832eb800519a87af1045816ee4735d650ea410156c9cab93cc7ee8b6e06994bdd2f4fad62fafcbac399dc92a9fcba3af4ffa284

    • SSDEEP

      6144:QBn1PrZO0xliJYVYpu0OSmzleoJuou5KjfByDdDC0U0:gz40xkVu0BoSKdiCN0

    Score
    10/10
    formbookb31bratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook payload

      rat

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks