General

  • Target

    2.exe

  • Size

    1013KB

  • Sample

    221209-l2nsjafg4w

  • MD5

    aeb84c66c380f458395b68d85f218220

  • SHA1

    1ffa13296624fafa20a932854382384745520fc4

  • SHA256

    007da5cb25a7ac030d0e3d0d82a1cd09a069bdb607b6f44ea8538c12ba048aae

  • SHA512

    3d4d91e03163d2d526307b56211e760194e192ebae2b266133945243ffaf76a63330aab2d4563e863f88c1a474b7f8e190ca8bb7be3823c0034d274918b58c3c

  • SSDEEP

    24576:eWfCE1Dg/WbBWVVl52uLAZwFWBfYn+2zmRwpFM:ev+8hVl52PZ6KY+2qRR

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

j17j

Decoy

playphf.live

solarthinfilmtec.com

gdhaoshan.com

posh-designs.com

369andrewst.com

doverupblications.com

hengshangmei.com

decungo.com

checksinthemaiil.com

4localde.com

wetakeoveryourhousepayments.com

overcharge-center.com

mmmmmboulder.com

almaszarrin.net

enterpriseturkey.com

lanierfurniture.com

lhzb726-gw021.vip

onuiol.com

dmitrytodosyev.com

117uuu.com
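The domain list above is the sample's extracted Formbook configuration. Formbook configs mix the real C2 with decoy domains and the bot contacts several of them per beacon cycle, so one DNS hit identifies an infected host but not the C2; a host resolving several list entries in a short span is the stronger signal. The following is an added example (not part of the sandbox report) that matches DNS query logs against the list, normalising case, trailing dots and subdomains. The log lines and the `ts host query name` format are constructed for the example.

```python
"""Match DNS query logs against the Formbook domain list extracted from the sample.

Added example, not sandbox code. FORMBOOK_DOMAINS is copied from the report's
Extracted config; SAMPLE_DNS_LOG and its "ts host query qname" format are
constructed for this example.
"""
import re
from typing import List, Optional, Tuple

FORMBOOK_DOMAINS = {
    "playphf.live", "solarthinfilmtec.com", "gdhaoshan.com", "posh-designs.com",
    "369andrewst.com", "doverupblications.com", "hengshangmei.com", "decungo.com",
    "checksinthemaiil.com", "4localde.com", "wetakeoveryourhousepayments.com",
    "overcharge-center.com", "mmmmmboulder.com", "almaszarrin.net",
    "enterpriseturkey.com", "lanierfurniture.com", "lhzb726-gw021.vip",
    "onuiol.com", "dmitrytodosyev.com", "117uuu.com",
}

# Constructed log lines (not from the sandbox). Includes a subdomain query, a
# trailing-dot FQDN, mixed case, a benign lookup and a look-alike that must not match.
SAMPLE_DNS_LOG = """
2022-12-09T13:02:11Z WS-0412 query playphf.live
2022-12-09T13:02:12Z WS-0412 query www.solarthinfilmtec.com
2022-12-09T13:02:12Z WS-0412 query gdhaoshan.com.
2022-12-09T13:02:13Z WS-0412 query HengShangMei.com
2022-12-09T13:02:13Z WS-0877 query update.microsoft.com
2022-12-09T13:02:14Z WS-0877 query almaszarrin.net
2022-12-09T13:02:15Z WS-0412 query notaplayphf.live
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+query\s+(?P<qname>\S+)$")


def normalize_domain(name: str) -> str:
    """Lower-case the name and drop the trailing root dot that resolvers add."""
    return name.strip().lower().rstrip(".")


def matches_config(query: str) -> Optional[str]:
    """Return the config domain that the query equals or is a subdomain of, else None.

    The check is on label boundaries, so 'notaplayphf.live' does not match 'playphf.live'.
    """
    q = normalize_domain(query)
    for domain in FORMBOOK_DOMAINS:
        if q == domain or q.endswith("." + domain):
            return domain
    return None


def scan_dns_log(text: str) -> List[Tuple[str, str, str, str]]:
    """Return (ts, host, queried name, matched config domain) for every hit."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # blank or malformed line
        matched = matches_config(m["qname"])
        if matched:
            hits.append((m["ts"], m["host"], m["qname"], matched))
    return hits


def hosts_contacting_many(hits, threshold: int = 3) -> List[str]:
    """Hosts that resolved at least `threshold` distinct config domains.

    Formbook cycles through its domain list, so breadth of contact separates
    an infected host from a stray lookup of a single (possibly decoy) domain.
    """
    per_host = {}
    for _ts, host, _qname, domain in hits:
        per_host.setdefault(host, set()).add(domain)
    return sorted(h for h, domains in per_host.items() if len(domains) >= threshold)


if __name__ == "__main__":
    for hit in scan_dns_log(SAMPLE_DNS_LOG):
        print("hit", *hit)
    print("likely infected:", hosts_contacting_many(scan_dns_log(SAMPLE_DNS_LOG)))
```

The threshold is a starting point; in production you would also bound the window (Formbook beacons to its domains within seconds of each other) and feed the hits to the hash IOCs above to confirm the dropped binary.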

Targets

    • Target

      2.exe

    • Size

      1013KB

    • MD5

      aeb84c66c380f458395b68d85f218220

    • SHA1

      1ffa13296624fafa20a932854382384745520fc4

    • SHA256

      007da5cb25a7ac030d0e3d0d82a1cd09a069bdb607b6f44ea8538c12ba048aae

    • SHA512

      3d4d91e03163d2d526307b56211e760194e192ebae2b266133945243ffaf76a63330aab2d4563e863f88c1a474b7f8e190ca8bb7be3823c0034d274918b58c3c

    • SSDEEP

      24576:eWfCE1Dg/WbBWVVl52uLAZwFWBfYn+2zmRwpFM:ev+8hVl52PZ6KY+2qRR

    • Formbook

      Formbook is an information-stealing malware family that harvests credentials and submitted form data from browsers and other applications, logs keystrokes and clipboard contents, and injects itself into other processes to evade detection.

    • Formbook payload

    • Suspicious use of SetThreadContext
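The SetThreadContext signature fires because that call is the step that redirects a suspended thread's entry point into injected code in process hollowing and similar injection. The verdict alone does not say which process was hollowed. The following is an added example (not sandbox code) that reconstructs the full call sequence from a per-process API trace: CreateProcess with CREATE_SUSPENDED, optional NtUnmapViewOfSection, WriteProcessMemory, SetThreadContext, ResumeThread. The trace lines and their `pid api target=pid k=v` format are constructed; a benign same-thread SetThreadContext and a non-suspended child are included so the logic has something to reject.

```python
"""Reconstruct a process-hollowing sequence from an API trace.

Added example, not sandbox code. SAMPLE_TRACE and its line format are constructed;
the API names and the CREATE_SUSPENDED flag value (0x4) are the real Win32 ones.
"""
import re
from dataclasses import dataclass
from typing import Dict, Iterator, List, Tuple

CREATE_SUSPENDED = 0x4  # dwCreationFlags bit for CreateProcess*

# Constructed trace: "<actor pid> <api> target=<pid> key=value ...".
# Process 1000 hollows a suspended explorer.exe; its second child (2100) is
# started normally and only gets a small write; process 3000 calls
# SetThreadContext on itself, which debuggers and exception handlers do.
SAMPLE_TRACE = r"""
1000 CreateProcessW target=2048 flags=0x4 image=C:\Windows\explorer.exe
1000 NtUnmapViewOfSection target=2048
1000 VirtualAllocEx target=2048 size=0x3a000 protect=PAGE_EXECUTE_READWRITE
1000 WriteProcessMemory target=2048 size=0x3a000
1000 SetThreadContext target=2048
1000 ResumeThread target=2048
1000 CreateProcessW target=2100 flags=0x0 image=C:\Windows\System32\cmd.exe
1000 WriteProcessMemory target=2100 size=0x100
1000 ResumeThread target=2100
3000 GetThreadContext target=3000
3000 SetThreadContext target=3000
"""

LINE_RE = re.compile(r"^(?P<pid>\d+)\s+(?P<api>\w+)\s+target=(?P<target>\d+)(?P<rest>.*)$")


@dataclass
class Injection:
    """Per (actor, target) record of which hollowing steps were observed, in order."""
    actor: int
    target: int
    image: str = ""
    suspended: bool = False
    unmapped: bool = False
    wrote_memory: bool = False
    set_context: bool = False
    resumed: bool = False

    def is_hollowing(self) -> bool:
        # Core pattern: thread created suspended, target memory rewritten,
        # then the thread's context (entry point) replaced.
        return self.suspended and self.wrote_memory and self.set_context


def parse_trace(text: str) -> Iterator[Tuple[int, str, int, Dict[str, str]]]:
    """Yield (actor pid, api, target pid, key/value args) per well-formed line."""
    for line in text.strip().splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        args = dict(re.findall(r"(\w+)=(\S+)", m["rest"]))
        yield int(m["pid"]), m["api"], int(m["target"]), args


def hollowing_findings(text: str) -> List[Injection]:
    """Return the (actor, target) pairs whose call sequence matches process hollowing."""
    state: Dict[Tuple[int, int], Injection] = {}
    for actor, api, target, args in parse_trace(text):
        if actor == target:
            continue  # same-thread SetThreadContext is not injection
        rec = state.setdefault((actor, target), Injection(actor, target))
        if api.startswith("CreateProcess"):
            rec.image = args.get("image", "")
            rec.suspended = bool(int(args.get("flags", "0"), 16) & CREATE_SUSPENDED)
        elif api == "NtUnmapViewOfSection":
            rec.unmapped = True
        elif api == "WriteProcessMemory":
            rec.wrote_memory = True
        elif api == "SetThreadContext" and rec.wrote_memory:
            rec.set_context = True  # only counts after the target was rewritten
        elif api == "ResumeThread":
            rec.resumed = True
    return [rec for rec in state.values() if rec.is_hollowing()]


if __name__ == "__main__":
    for finding in hollowing_findings(SAMPLE_TRACE):
        print(f"pid {finding.actor} hollowed pid {finding.target} ({finding.image}), "
              f"unmapped={finding.unmapped}, resumed={finding.resumed}")
```

Keying state on (actor, target) rather than on the API alone is what keeps the benign cases quiet: a non-suspended child that merely receives a WriteProcessMemory, or a process adjusting its own thread context, never completes the sequence.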
