General

  • Target

    Sorğu HA-22-28199 22-077.exe

  • Size

    554KB

  • Sample

    221204-mncnsaba79

  • MD5

    ffff0c7d3139145648b89f27dc829e64

  • SHA1

    22142740d3c5f611a8e4487b4f3da05a25b51b23

  • SHA256

    a61da3e0802d4f580e033d44596b0c0cb812c80e0d449d3f427d0e71e2c5f14b

  • SHA512

    20f70410951d074fb19da6e7a8f870f10e11f46386d9ac6215a27f1338530af658e66a9ab86f9832edfcc67e25e4fe5b7bd89ee79edd8803e53bb5cde300d220

  • SSDEEP

    12288:IAVDQ3G17O3qhW8JnD676LkHSS+dJQqhqW8tbVpjLc:2Z8o76LkL+dWiqWKn

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    urde

  • Decoy


Targets

    • Target

      Sorğu HA-22-28199 22-077.exe


    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook payload

    • Suspicious use of SetThreadContext
