Overview

overview

10

Static

static

1

noicnneland.exe

windows7-x64

10

noicnneland.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    noicnneland.exe

  • Size

    260KB

  • Sample

    221212-h1k4gaag66

  • MD5

    c3242e5ee4129324ec0aac8bc36e1da2

  • SHA1

    f815b6d86574b9793e4dbcb9a7df96b949640c81

  • SHA256

    b43ffec2fd99899625e4926eb422f84375b790596072b1a0a88eb73a91ed0152

  • SHA512

    a781635853d807633490fb4ac9f9491788a7d12e455551819fb4c365d293255b7d920406d38c58d85a3861a16f74a3f25e84bd0d44050d649dbb3c85c860c479

  • SSDEEP

    6144:9kweMU8BfVdjzSrt5YehwOnSvo6c40pIwaRIRJL:aMUSdUrhyvcfpMIRJL

Score
10/10
formbookh3haratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

h3ha

Decoy

ideas-dulces.store

store1995.store

swuhn.com

ninideal.com

musiqhaus.com

quranchart.com

kszq26.club

lightfx.online

thetickettruth.com

meritloancubk.com

lawnforcement.com

sogeanetwork.com

thedinoexotics.com

kojima-ah.net

gr-myab3z.xyz

platiniuminestor.net

reviewsiske.com

stessil-lifestyle.com

goodqjourney.biz

cirimpianti.com

Targets

    • Target

      noicnneland.exe

    • Size

      260KB

    • MD5

      c3242e5ee4129324ec0aac8bc36e1da2

    • SHA1

      f815b6d86574b9793e4dbcb9a7df96b949640c81

    • SHA256

      b43ffec2fd99899625e4926eb422f84375b790596072b1a0a88eb73a91ed0152

    • SHA512

      a781635853d807633490fb4ac9f9491788a7d12e455551819fb4c365d293255b7d920406d38c58d85a3861a16f74a3f25e84bd0d44050d649dbb3c85c860c479

    • SSDEEP

      6144:9kweMU8BfVdjzSrt5YehwOnSvo6c40pIwaRIRJL:aMUSdUrhyvcfpMIRJL

    Score
    10/10
    formbookh3haratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook payload

      rat

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks