Overview

overview

10

Static

static

1

jetss6754309.exe

windows7-x64

10

jetss6754309.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6750CC01BC4BD9EE45E1BC3505CF3FF03D87E10F40C3B9ABFEDD39D79E4B97F7

  • Size

    201KB

  • Sample

    221213-2qch5abd3y

  • MD5

    7643a79b6446c82c4f22af486f7d5a36

  • SHA1

    68aeab90cfdac5508b77d49367f4aad2dd48b9ec

  • SHA256

    6750cc01bc4bd9ee45e1bc3505cf3ff03d87e10f40c3b9abfedd39d79e4b97f7

  • SHA512

    f40fb9fbde8eef90eaa5455a6eb8b321f794502f918a947625e385e2d2239ae4909b6d8eafc6c89e9c4f95e35708cc358b1855f0bd6a3313a38a306b0deabadb

  • SSDEEP

    6144:YHFyvZaljLjPucCad8dXcj8JkooMNZgEUpq:U/75SF48JrZT0q

Score
10/10
formbookje14ratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

je14

Decoy

innervisionbuildings.com

theenergysocialite.com

565548.com

panghr.com

onlyonesolutions.com

stjohnzone6.com

cnotes.rest

helfeb.online

xixi-s-inc.club

easilyentered.com

theshopx.store

mrclean-ac.com

miamibeachwateradventures.com

jpearce.co.uk

seseragi-bunkou.com

minimaddie.com

commbank-help-849c3.com

segohandelsonderneming.com

namthanhreal.com

fototerapi.online

Targets

    • Target

      jetss6754309.exe

    • Size

      213KB

    • MD5

      ec45a9ff0d37e2c4c4b22f752faa737b

    • SHA1

      9cb38d97822f17be47da16570a996bce4424aa9f

    • SHA256

      d93367d117ae7f3d7a13e3958554500d54182cd51c6426448f1d248d732a0484

    • SHA512

      2e7c7305a121ed39b630fdb58040ee94bb3eb1ab0558ed26b40109018272f71fc00b27358d0a16308405548af4051052661e0a5c44610c20c86546bb673cce5a

    • SSDEEP

      6144:qweEpk2xjPucCaf8VXcj8JqooMJZgEUpW:bbx750t48JBZT0W

    Score
    10/10
    formbookje14ratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook payload

      rat

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1
T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks