General

  • Target: 090b0e38780c07da32a7d9119c754e34b398845b94fbe8ea544fc9ab8d81ac80.zip
  • Size: 665KB
  • Sample: 221207-rkq48afb47
  • MD5: 21719b3164af6e99c87c93e94c759474
  • SHA1: 618280d16fbe126e8cf4a24375222ffcaaf5562a
  • SHA256: 4d46bf02f526997927a97a27c56dc0c09133f309036efc28af45704b9c120751
  • SHA512: 5e5934f281fec463167c45b9882b2ee87a3ac81a6ceb7c902d7765fc6323e41ea85b6aafebf064580fcb683374ca8317e3d1a68860bda3483f7a00fa319cbc1a
  • SSDEEP: 12288:uaUdRN2hwweFPAUfbFICO+nz5v3ImsKsvdMMY5RHLeticUYyRYWElybcmJlKunf:dgT2hXIYv+nz5v37s925RHHYyRCEc+f

Malware Config

Extracted

  • Family: formbook
  • Version: 4.1
  • Campaign: d94i
  • Decoy


Targets

    • Target: 090b0e38780c07da32a7d9119c754e34b398845b94fbe8ea544fc9ab8d81ac80.exe
    • Size: 893KB
    • MD5: 38e553f81a142579ea9a4e61a5c02c14
    • SHA1: 44cb7f3254aa1991bd49039f9cfaec4ac3cf87b2
    • SHA256: 090b0e38780c07da32a7d9119c754e34b398845b94fbe8ea544fc9ab8d81ac80
    • SHA512: 3bc489194086f1abc40e077657d50835d6a71fe94314592aa47c806340ae3d5dd4f53bb8bc969c7d22cd2403fd395a8283a4573abb1475709dd7543c72b65203
    • SSDEEP: 12288:roQgKZ/nXt7virmWhlGLaQYIV7m2HUOZE2SqvXD0LLc7VrfOJvFTkfDtd9201ZRk:DBHEdqf0KOJvFTkf5L2GRahex3zLu

    • Formbook: Formbook is a data-stealing malware family.
    • Formbook payload
    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

  • Execution: Scheduled Task, T1053 (1)
  • Persistence: Scheduled Task, T1053 (1)
  • Privilege Escalation: Scheduled Task, T1053 (1)
  • Discovery: System Information Discovery, T1082 (1)
