Malware sandboxing report by Hatching Triage

General

Target

9a67166c5a81302300022d5fcf029600356460fcf3ce82fa37db08b131a0459f
Size

413KB
Sample

221205-ylldpadg8t
MD5

a2b43ba6d6a6af9f0fa07cab1a1ffd64
SHA1

0d63ee2545439dff61486e040fb8d921bee79ae3
SHA256

9a67166c5a81302300022d5fcf029600356460fcf3ce82fa37db08b131a0459f
SHA512

2a1105023880ae650ba67f2d657f3c0fe8c1a84c40a5a9ac5303f0c666226c454c40893f79073e816d14d873a3b583803934f9540a9ee7a604318affb1b427bb
SSDEEP

6144:LBnmyK4O/ekC2y6gPWJ6OC4tp8k4Hg2Y5nkjtPPraKFMP4wzSl7dlP7O/9Dj:Q7e6gPPOCm8kSIsPWK2Ptzo7dpy

Score

10^/10

Malware Config

Extracted

Family	formbook
Version	4.1
Campaign	8rmt
Decoy	3472cc.com takecareyourhair.com kontolajigasd21.xyz daihaitrinh.net syncmostlatestinfo-file.info lovesolutionsastrologist.info angelapryan.com rio727casino.com jjsgagets.com devyatkina.online thegoldenbeautyqatar.com czytaj-unas24live.monster timepoachers.com gayxxxporn.site 72308.xyz kristanolivo.com hijrahfwd.com bmfighters.com alfamx.website handfulofbabesbows.com nationalsocialism.link mega-recarga-arg.com rytstack.com kfav77.xyz rrexec.net linetl.top freedomcleaningusa.com abofahad3478.tokyo teamvalvolineeurope.com kyty4265.com afrikannaland.info dharmatradinguae.com bqylc.buzz lifeprojectmanager.pro streeteli.site 68fk.vip wasemanntrucking.com auracreitarusblog.com dfgzyt.cyou tecnotuto.net ookkvip.com 247repairs.info tyvwotnmrlpjgl.biz courtneymporter.com gildainterior.com papiska.xyz sparrow.run tyh-group.com april-zodiac-sign.info kiaf1.site cooleyes.live partasa.com connecticutinteriors.com thelovehandles.us netinseg.website diaryranch.xyz serenaderange.com milano.icu vapeseasy.com hengruncosmetics.com vlashon.com masberlian.ink djayadiwangsa.store nicneni.xyz ym2668.top 3472cc.com takecareyourhair.com kontolajigasd21.xyz daihaitrinh.net syncmostlatestinfo-file.info lovesolutionsastrologist.info angelapryan.com rio727casino.com jjsgagets.com devyatkina.online thegoldenbeautyqatar.com czytaj-unas24live.monster timepoachers.com gayxxxporn.site 72308.xyz kristanolivo.com hijrahfwd.com bmfighters.com alfamx.website handfulofbabesbows.com nationalsocialism.link mega-recarga-arg.com rytstack.com kfav77.xyz rrexec.net linetl.top freedomcleaningusa.com abofahad3478.tokyo teamvalvolineeurope.com kyty4265.com afrikannaland.info dharmatradinguae.com bqylc.buzz lifeprojectmanager.pro streeteli.site 68fk.vip wasemanntrucking.com auracreitarusblog.com dfgzyt.cyou tecnotuto.net ookkvip.com 247repairs.info tyvwotnmrlpjgl.biz courtneymporter.com gildainterior.com papiska.xyz sparrow.run tyh-group.com april-zodiac-sign.info kiaf1.site cooleyes.live partasa.com connecticutinteriors.com thelovehandles.us netinseg.website diaryranch.xyz serenaderange.com milano.icu vapeseasy.com hengruncosmetics.com vlashon.com masberlian.ink djayadiwangsa.store nicneni.xyz ym2668.top

Targets

- Target
  
  9a67166c5a81302300022d5fcf029600356460fcf3ce82fa37db08b131a0459f
- Size
  
  413KB
- MD5
  
  a2b43ba6d6a6af9f0fa07cab1a1ffd64
- SHA1
  
  0d63ee2545439dff61486e040fb8d921bee79ae3
- SHA256
  
  9a67166c5a81302300022d5fcf029600356460fcf3ce82fa37db08b131a0459f
- SHA512
  
  2a1105023880ae650ba67f2d657f3c0fe8c1a84c40a5a9ac5303f0c666226c454c40893f79073e816d14d873a3b583803934f9540a9ee7a604318affb1b427bb
- SSDEEP
  
  6144:LBnmyK4O/ekC2y6gPWJ6OC4tp8k4Hg2Y5nkjtPPraKFMP4wzSl7dlP7O/9Dj:Q7e6gPPOCm8kSIsPWK2Ptzo7dpy
Score

10^/10

formbook 8rmt rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

System Information Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Tasks

static1

Score

1^/10

behavioral1

formbook8rmtratspywarestealertrojan

Score

10^/10

Sharing

General

Malware Config

Extracted

Targets

Formbook

Formbook payload

Executes dropped EXE

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1