Overview

overview

10

Static

static

1

tmp.exe

windows7-x64

10

tmp.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    tmp

  • Size

    563KB

  • Sample

    221215-v1f6qsch75

  • MD5

    a04ece5922c2ffd331b5f61e75255c4e

  • SHA1

    cf890f2284e36f3c85f74b6805c4c58e650db361

  • SHA256

    f5fe78aa6bda017d7e22059b5ab83f8c21532e4833cb5e4d8f40a2f28d407878

  • SHA512

    97111243be3e89cb3a7c5de5521dae162527b578b5a5b5987e3e2eedb729d3c32bb7cd87d45959154827424b7bf5a6b8606cc9a39f634e9f4692614e80bb8c4f

  • SSDEEP

    12288:rFvDna+Vyie/GBnKxpbs85ejLqsp+BaCPAq8Gz+V6jibhBi2:rRna+Vy3GVKxpbL5Ses0BAqlRjoq2

Score
10/10
formbookh3haratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

h3ha

Decoy

ideas-dulces.store

store1995.store

swuhn.com

ninideal.com

musiqhaus.com

quranchart.com

kszq26.club

lightfx.online

thetickettruth.com

meritloancubk.com

lawnforcement.com

sogeanetwork.com

thedinoexotics.com

kojima-ah.net

gr-myab3z.xyz

platiniuminestor.net

reviewsiske.com

stessil-lifestyle.com

goodqjourney.biz

cirimpianti.com

Targets

    • Target

      tmp

    • Size

      563KB

    • MD5

      a04ece5922c2ffd331b5f61e75255c4e

    • SHA1

      cf890f2284e36f3c85f74b6805c4c58e650db361

    • SHA256

      f5fe78aa6bda017d7e22059b5ab83f8c21532e4833cb5e4d8f40a2f28d407878

    • SHA512

      97111243be3e89cb3a7c5de5521dae162527b578b5a5b5987e3e2eedb729d3c32bb7cd87d45959154827424b7bf5a6b8606cc9a39f634e9f4692614e80bb8c4f

    • SSDEEP

      12288:rFvDna+Vyie/GBnKxpbs85ejLqsp+BaCPAq8Gz+V6jibhBi2:rRna+Vy3GVKxpbL5Ses0BAqlRjoq2

    Score
    10/10
    formbookh3haratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook payload

      rat

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1
T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks