Malware sandboxing report by Hatching Triage

General

Target

SecuriteInfo.com.Win32.PWSX-gen.8040.31387.exe
Size

626KB
Sample

221206-back3sff8z
MD5

094fd52eec0055205bddc82c5f78ad87
SHA1

c06a2da7c13bcebe40b4cd46d4afaaa856b0de95
SHA256

dd7c962afea2752944885fdd3551a0a50fc3a58f676c1466f5fb71eda72d5a24
SHA512

d2b87d9a99516041216c593aec1913d807b9771f60dcdc86918be55a8c686de99ad33bfd48cd7756394649da04a61e2d66f7d14fae4987104838bf968d97c592
SSDEEP

12288:R3c1yxe16Rd0U5oMhZXomtfIQCXgncvEyCaM/dawm5ovZ7W/HgJepIQ:RGyxcY0UiMhZVtgmnc/Cb/dLHB7WvgM1

Score

10^/10

Malware Config

Extracted

Family	formbook
Version	4.1
Campaign	ng04
Decoy	tevimaq.com easterspecialtystore.com smartlever.tech 10312.uk tanjawiharbi.co.uk 471338.com horusventure.com empress-care.com sinrian.com 465951.com aemsti.com nxcourier.com stargatefarms.com lalyquainvestment.com dailysportsadvice.com justlistmoore.com stoneonroll.online tatianakolomiets.com barcodebbm.com protectorship.world datingventure.info aurora-body.com sohomusicclub.com postapudding.co.uk mps-24.store fengjianghu.com fenostoreshop.site julietterosebarney.com 1a-datenschutz.com yejinxia.com firstmortgagedebt.com greengood.store skynet-one.net allianthrs.com centralflfc.com 46caminosobrante.com informatique07.com keebu.net gamebe.store nicestartech.top smbxd.com dyadent.store xiangmeihao.com exac7.com vesiensuojelu.com youhaometal.com jiewo.top xmfaucet.com avocadotaco.com nicelove.online beautytimelashesnails.com domainand.site tlqf.net mentionevery.online jeuxjetx.fr device-track.co re364t6.top teamlepleiadi.com againsubpackaddr.com blemchi.xyz yxzhcpa.com cycle-xchange.store medimattress.info cosme-mochi.net wekurd.com tevimaq.com easterspecialtystore.com smartlever.tech 10312.uk tanjawiharbi.co.uk 471338.com horusventure.com empress-care.com sinrian.com 465951.com aemsti.com nxcourier.com stargatefarms.com lalyquainvestment.com dailysportsadvice.com justlistmoore.com stoneonroll.online tatianakolomiets.com barcodebbm.com protectorship.world datingventure.info aurora-body.com sohomusicclub.com postapudding.co.uk mps-24.store fengjianghu.com fenostoreshop.site julietterosebarney.com 1a-datenschutz.com yejinxia.com firstmortgagedebt.com greengood.store skynet-one.net allianthrs.com centralflfc.com 46caminosobrante.com informatique07.com keebu.net gamebe.store nicestartech.top smbxd.com dyadent.store xiangmeihao.com exac7.com vesiensuojelu.com youhaometal.com jiewo.top xmfaucet.com avocadotaco.com nicelove.online beautytimelashesnails.com domainand.site tlqf.net mentionevery.online jeuxjetx.fr device-track.co re364t6.top teamlepleiadi.com againsubpackaddr.com blemchi.xyz yxzhcpa.com cycle-xchange.store medimattress.info cosme-mochi.net wekurd.com

Targets

- Target
  
  SecuriteInfo.com.Win32.PWSX-gen.8040.31387.exe
- Size
  
  626KB
- MD5
  
  094fd52eec0055205bddc82c5f78ad87
- SHA1
  
  c06a2da7c13bcebe40b4cd46d4afaaa856b0de95
- SHA256
  
  dd7c962afea2752944885fdd3551a0a50fc3a58f676c1466f5fb71eda72d5a24
- SHA512
  
  d2b87d9a99516041216c593aec1913d807b9771f60dcdc86918be55a8c686de99ad33bfd48cd7756394649da04a61e2d66f7d14fae4987104838bf968d97c592
- SSDEEP
  
  12288:R3c1yxe16Rd0U5oMhZXomtfIQCXgncvEyCaM/dawm5ovZ7W/HgJepIQ:RGyxcY0UiMhZVtgmnc/Cb/dLHB7WvgM1
Score

10^/10

formbook ng04 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2