General

  • Target

    0b7fdf87eaef4aacb2b9443e59783840acbe87ea018c14af6601c5311261c4ce

  • Size

    913KB

  • Sample

    221209-cl3gbafa41

  • MD5

    c0cb8402b1f4d35c839936512ca83cb2

  • SHA1

    a01b85c6f3477d5870508401bf0b4b26cc141608

  • SHA256

    0b7fdf87eaef4aacb2b9443e59783840acbe87ea018c14af6601c5311261c4ce

  • SHA512

    8193a8be758580126ad11eac8981c3cae68c825fe94fb46eee7a1fddf55e64c2acaa2f4fc419d677287e4694a431283861f939e7d2a9b73527f7f436501a8bda

  • SSDEEP

    12288:tre/tfHGthrPoUWqnZL/UX/VbTNZf4H7ZbAyFncrBY:EpHGzrod8UX/VXGMNY

Malware Config

Extracted

Family

formbook

Campaign

k056

Decoy

Targets

    • Target

      0b7fdf87eaef4aacb2b9443e59783840acbe87ea018c14af6601c5311261c4ce

    • Formbook

      Formbook is data-stealing malware.

    • Suspicious use of SetThreadContext
