Overview

overview

10

Static

static

1

jets66700.exe

windows7-x64

8

jets66700.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    jets66700.exe

  • Size

    258KB

  • Sample

    221205-j4exasbb22

  • MD5

    c10e0b9756b38239fed5025e119db829

  • SHA1

    b7a2ddbfd18fe7f0ea7683e73d84a595e966ebb9

  • SHA256

    3603af319837f00dacace08ff3add606ccfd6faf64a53606575aae6f1a4ba782

  • SHA512

    8d4d4edf987383774e8ccf54f5d06a8d08f1a52ee40592aacd5d512bc7c445f1d61b0333582b1c3f25cee14ee97aa4625941a9bd7425741c95736168f082f06c

  • SSDEEP

    6144:QBn1/KUwq3q6YqZZ9f/EBqpObOiFzkiUF9FaP5qgJDa:gNslSEbOizk/9Foqg0

Score
10/10
formbookje14ratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

je14

Decoy

innervisionbuildings.com

theenergysocialite.com

565548.com

panghr.com

onlyonesolutions.com

stjohnzone6.com

cnotes.rest

helfeb.online

xixi-s-inc.club

easilyentered.com

theshopx.store

mrclean-ac.com

miamibeachwateradventures.com

jpearce.co.uk

seseragi-bunkou.com

minimaddie.com

commbank-help-849c3.com

segohandelsonderneming.com

namthanhreal.com

fototerapi.online

Targets

    • Target

      jets66700.exe

    • Size

      258KB

    • MD5

      c10e0b9756b38239fed5025e119db829

    • SHA1

      b7a2ddbfd18fe7f0ea7683e73d84a595e966ebb9

    • SHA256

      3603af319837f00dacace08ff3add606ccfd6faf64a53606575aae6f1a4ba782

    • SHA512

      8d4d4edf987383774e8ccf54f5d06a8d08f1a52ee40592aacd5d512bc7c445f1d61b0333582b1c3f25cee14ee97aa4625941a9bd7425741c95736168f082f06c

    • SSDEEP

      6144:QBn1/KUwq3q6YqZZ9f/EBqpObOiFzkiUF9FaP5qgJDa:gNslSEbOizk/9Foqg0

    Score
    10/10
    formbookje14ratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook payload

      rat

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks