Overview

overview

10

Static

static

1

a0c275ebd1...cb.exe

windows7-x64

8

a0c275ebd1...cb.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a0c275ebd1005a313b20dd27ea739dcb.exe

  • Size

    414KB

  • Sample

    221206-rn1g3ahg7t

  • MD5

    a0c275ebd1005a313b20dd27ea739dcb

  • SHA1

    4c7fb52d3129f485919cf8dd2d8ea3f665e0a6b9

  • SHA256

    3077abc4b785271fc43389f94cee024de4fd4d3d7f4ada5c569a9aca09374a9d

  • SHA512

    19746c6270d4e54827488b31fa856286e81370c124c2f99b6fddc07311b62baf8969f5bbe433c891f921771e2aa912ad79e5015b97d247600b13eb844c467e6b

  • SSDEEP

    6144:PBnxm/hZudIIuLplWND4YOSAsRJVWMmH/w/dv4e6Hc+2u:LzdIZplW94YzAIJ0MT/ucPu

Score
10/10
formbookh3haratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

h3ha

Decoy

ideas-dulces.store

store1995.store

swuhn.com

ninideal.com

musiqhaus.com

quranchart.com

kszq26.club

lightfx.online

thetickettruth.com

meritloancubk.com

lawnforcement.com

sogeanetwork.com

thedinoexotics.com

kojima-ah.net

gr-myab3z.xyz

platiniuminestor.net

reviewsiske.com

stessil-lifestyle.com

goodqjourney.biz

cirimpianti.com

Targets

    • Target

      a0c275ebd1005a313b20dd27ea739dcb.exe

    • Size

      414KB

    • MD5

      a0c275ebd1005a313b20dd27ea739dcb

    • SHA1

      4c7fb52d3129f485919cf8dd2d8ea3f665e0a6b9

    • SHA256

      3077abc4b785271fc43389f94cee024de4fd4d3d7f4ada5c569a9aca09374a9d

    • SHA512

      19746c6270d4e54827488b31fa856286e81370c124c2f99b6fddc07311b62baf8969f5bbe433c891f921771e2aa912ad79e5015b97d247600b13eb844c467e6b

    • SSDEEP

      6144:PBnxm/hZudIIuLplWND4YOSAsRJVWMmH/w/dv4e6Hc+2u:LzdIZplW94YzAIJ0MT/ucPu

    Score
    10/10
    formbookh3haratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook payload

      rat

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks