Overview

overview

10

Static

static

1

e-dekont.html.exe

windows7-x64

10

e-dekont.html.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e-dekont.html.exe

  • Size

    322KB

  • Sample

    221207-n2axsadh65

  • MD5

    55118de0c492e1425cb3ef8f27ed7124

  • SHA1

    2d7a0eee423509129264dce5266c13e0c67e21d3

  • SHA256

    6e8de74475e365bdd0f573a03266f447a13f30a76cc2c71d14c1fc5607e1ae5d

  • SHA512

    b14b1a918f1760558c5cc4437c1d1626f0c77aa28c3f2fae89985dda4f64f426d0a28b9ccee8e6687472f29a914ccf8e710950898ba0f09e484189e1e7bfd407

  • SSDEEP

    6144:QBn1X1benXIzx6/7YMovhl5nqvEQqVX8QYaTttAFvnkU/Vdcf757dpqXbUA0hO:gX1aF/7YZ35n4EQq9zyvz/aVZpqXD04

Score
10/10
formbookmi08ratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

mi08

Decoy

mytimebabes.com

ycpxb.com

abdkaplani.com

cloudingersoftech.com

fthfire.xyz

christyna.work

3d-add-on.com

knowyourtechdeals.com

kcl24.com

sepatubiker.com

sunnyboy.live

zrbsq.com

rinpari.com

lesac-berra.com

yes820.com

cnnorman.com

mystichousedv.com

sbobet888auto.com

gawiul.xyz

luispenas.com

Targets

    • Target

      e-dekont.html.exe

    • Size

      322KB

    • MD5

      55118de0c492e1425cb3ef8f27ed7124

    • SHA1

      2d7a0eee423509129264dce5266c13e0c67e21d3

    • SHA256

      6e8de74475e365bdd0f573a03266f447a13f30a76cc2c71d14c1fc5607e1ae5d

    • SHA512

      b14b1a918f1760558c5cc4437c1d1626f0c77aa28c3f2fae89985dda4f64f426d0a28b9ccee8e6687472f29a914ccf8e710950898ba0f09e484189e1e7bfd407

    • SSDEEP

      6144:QBn1X1benXIzx6/7YMovhl5nqvEQqVX8QYaTttAFvnkU/Vdcf757dpqXbUA0hO:gX1aF/7YZ35n4EQq9zyvz/aVZpqXD04

    Score
    10/10
    formbookmi08ratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook payload

      rat

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks