General

  • Target

    1756b3146d41b5bc8ba9812d3cd84915c65789abddd9e47be379122d95ae1bb8

  • Size

    917KB

  • Sample

    221209-cl8ckaca98

  • MD5

    44fddb518fe7ae56bb6e7fc5cc75c074

  • SHA1

    4aaad642633b7db923609560605bdce4545c8fb0

  • SHA256

    1756b3146d41b5bc8ba9812d3cd84915c65789abddd9e47be379122d95ae1bb8

  • SHA512

    72a152d732220c2d058b51b2c29fa7fa111548685d09dcbd468df9027588a60f3267b25cdf0e33e07bae8916c8d39b52699afc2b23d5ba95671ef72c132f497f

  • SSDEEP

    12288:Q15pBBGRYdw/oZqClyzSOiyvUvLYRWqbtyZp6CHOJ4:yB0RY6bClfOiy8zTqbgL
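The hashes above are the only stable identifiers of this sample, so the first thing to do with a file you suspect is the same build is to recompute them and compare. The following script is an added example, not part of the sandbox report: it embeds the four digests listed above, reads a file once while feeding all hashers, and reports per-algorithm match or mismatch. The ssdeep value is a fuzzy hash with no standard-library implementation, so it is left to the ssdeep tool; the command-line usage at the bottom is the example's own convention.

```python
import hashlib
import sys

# Hash values copied from the report above; the sample file itself is not part of this example.
REPORT_HASHES = {
    "md5": "44fddb518fe7ae56bb6e7fc5cc75c074",
    "sha1": "4aaad642633b7db923609560605bdce4545c8fb0",
    "sha256": "1756b3146d41b5bc8ba9812d3cd84915c65789abddd9e47be379122d95ae1bb8",
    "sha512": (
        "72a152d732220c2d058b51b2c29fa7fa111548685d09dcbd468df9027588a60f"
        "3267b25cdf0e33e07bae8916c8d39b52699afc2b23d5ba95671ef72c132f497f"
    ),
}
# ssdeep is a fuzzy hash; compare it with the ssdeep tool, it is not in hashlib.

ALGORITHMS = tuple(REPORT_HASHES)


def _digest_chunks(chunks):
    """Feed every chunk to all hashers so the input is read only once."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data):
    """Digests of an in-memory buffer (used by the tests and for small files)."""
    return _digest_chunks([data])


def hash_file(path, chunk_size=1 << 20):
    """Digests of a file, streamed in 1 MiB chunks so large samples do not sit in RAM."""
    with open(path, "rb") as f:
        return _digest_chunks(iter(lambda: f.read(chunk_size), b""))


def compare(actual, expected):
    """Per-algorithm match result, case-insensitive, only for algorithms present in both."""
    return {
        name: actual[name] == value.strip().lower()
        for name, value in expected.items()
        if name in actual
    }


def matches_report(actual, expected=REPORT_HASHES):
    """True only if every reported hash agrees; no overlapping algorithm is not a match."""
    results = compare(actual, expected)
    return bool(results) and all(results.values())


if __name__ == "__main__":
    # Usage: python check_hashes.py <file>   (exit status 0 only on a full match)
    digests = hash_file(sys.argv[1])
    for name, ok in compare(digests, REPORT_HASHES).items():
        print(f"{name:7} {'MATCH' if ok else 'MISMATCH'} {digests[name]}")
    sys.exit(0 if matches_report(digests) else 1)
```

Comparing all four digests rather than MD5 alone costs nothing extra (one pass over the file) and avoids trusting a collision-prone hash when a sharing feed only carries MD5.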

Malware Config

Extracted

Family

formbook

Campaign

fcoz

Decoy (entries shown as extracted from the sample's configuration; they are encoded values, not plaintext hostnames)

MRP2++cHUPX9S/s=

WxagP+lDZe+e6rpChgFM3hi55Ojp

E9CIE0ss7RCbbu6iub8MJA==

iDn2ZqCzgaIw5IzW7E+SIFQ=

WajMuVFpZa01

eTOps+XHXWOPYRvUCQ==

GQj+Frw0vpbNJv8rUYyICjKS/UcDF3sw

eVYV85c8Dn4m

djkEcIZdz3iZ/7Wi4TG4wVw=

AtuAHS0J0JobAA==

wKN6UwVvlDczjD8FdsoVw1km

x5Ri/y4W2NHxaBSLs/kUdF4qkA==

7dtvTkQwrkT4FA8/cNDcTD8giQ==

Px3MU3dWITVuEnx9FuBbp9Qu

GBG1iCauLeYRoEB+wUo=

18JEUX9i8d0Bk31Lc53jABkkGDI=

gGMB3ZT6Q+GSmpC2+TeqPmtKOTo=

iGc/1QL48TRz0bu05TG4wVw=

B+l6VT8enZN3CvM=

zJNOq6BsLWPerVmK0R5bp9Qu

Targets

    • Formbook

Formbook is an information stealer: it hooks browsers and other applications to capture submitted form data and credentials, logs keystrokes and clipboard contents, takes screenshots, and can fetch and run additional payloads on command from its C2. It runs injected into legitimate Windows processes rather than from its own executable.

    • Suspicious use of SetThreadContext (setting the thread context of another process's thread is the step that redirects execution in process hollowing and similar injection)
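The signature name alone does not say why SetThreadContext is suspicious; what makes it so is the sequence around it: a process is created suspended, its image is unmapped, new code is written into it, its main thread's context is pointed at that code, and the thread is resumed. The detector below is an added example (not the sandbox's own signature logic) that looks for exactly that sequence in an API-call trace. The trace format and the sample trace are constructed for the example; the API names and the CREATE_SUSPENDED flag value are the real Windows ones.

```python
import re
from collections import defaultdict

CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit in CreateProcess

# Constructed API trace (not from the sandbox report): "<seq> key=value ...".
# Events 1-6 are a textbook hollowing of a suspended svchost.exe; 7 is a process
# touching its own thread context; 8-9 write into a child that was NOT created suspended.
SAMPLE_TRACE = """\
1 pid=4100 api=CreateProcessW flags=0x4 image=C:\\Windows\\SysWOW64\\svchost.exe child=4212
2 pid=4100 api=NtUnmapViewOfSection target=4212
3 pid=4100 api=VirtualAllocEx target=4212
4 pid=4100 api=WriteProcessMemory target=4212
5 pid=4100 api=SetThreadContext target=4212
6 pid=4100 api=ResumeThread target=4212
7 pid=5300 api=SetThreadContext target=5300
8 pid=6000 api=CreateProcessW flags=0x0 image=C:\\Windows\\System32\\notepad.exe child=6012
9 pid=6000 api=WriteProcessMemory target=6012
"""

KV_RE = re.compile(r"(\w+)=(\S+)")
CREATE_APIS = {"CreateProcessA", "CreateProcessW", "CreateProcessInternalW"}
STAGE_APIS = {
    "unmap": {"NtUnmapViewOfSection", "ZwUnmapViewOfSection"},
    "write": {"WriteProcessMemory", "NtWriteVirtualMemory"},
    "context": {"SetThreadContext", "NtSetContextThread", "Wow64SetThreadContext"},
    "resume": {"ResumeThread", "NtResumeThread"},
}


def parse_trace(text):
    """Turn the constructed key=value trace into a list of event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        seq, rest = line.split(None, 1)
        ev = dict(KV_RE.findall(rest))
        ev["seq"] = int(seq)
        ev["pid"] = int(ev["pid"])
        ev["target"] = int(ev.get("target", 0))
        events.append(ev)
    return events


def detect_hollowing(events):
    """Alert when a process created suspended is written to, has a thread context set,
    and is then resumed by another process. Unmapping is recorded but not required."""
    suspended = {}              # child pid -> the CreateProcess event that made it
    stages = defaultdict(set)   # child pid -> stages observed so far
    alerts = []
    for ev in events:
        api = ev["api"]
        if api in CREATE_APIS and "child" in ev:
            if int(ev.get("flags", "0"), 16) & CREATE_SUSPENDED:
                suspended[int(ev["child"])] = ev
            continue
        target = ev["target"]
        if target not in suspended or ev["pid"] == target:
            continue  # not a cross-process action on a suspended child
        stage = next((s for s, apis in STAGE_APIS.items() if api in apis), None)
        if stage is None:
            continue
        stages[target].add(stage)
        if stage == "resume" and {"write", "context"} <= stages[target]:
            alerts.append({
                "seq": ev["seq"],
                "source_pid": ev["pid"],
                "hollowed_pid": target,
                "image": suspended[target].get("image"),
                "unmapped": "unmap" in stages[target],
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_hollowing(parse_trace(SAMPLE_TRACE)):
        print(alert)
```

Keying the state on the suspended child rather than on the caller is what keeps the rule quiet for a debugger or exception handler calling SetThreadContext on its own threads (event 7), and for a parent writing into a normally started child (events 8-9); only the full create-suspended, write, set-context, resume chain fires.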
