Overview

overview

10

Static

static

10

1204-67-0x...ry.exe

windows7-x64

1

1204-67-0x...ry.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1204-67-0x0000000000400000-0x000000000042F000-memory.dmp

  • Size

    188KB

  • Sample

    221219-q293zsab8x

  • MD5

    b7bd58e0e83b7c048f7f9732d7271328

  • SHA1

    818764a48250b7c212d721ee335d8826982d675e

  • SHA256

    b349f4a7172c2b7904ca946b522972e7f1b727e3c29e14ac989766e06dfa75af

  • SHA512

    9c458cf689e830b3c35a9749692c51e72e4dac1c4d937147b785b8ae093b4a9ab6aa26dbc5b7d5b175edb576816237f5e98d38aca1650621fb6b333897d0b26a

  • SSDEEP

    3072:RhtEi4FnWtWuv3mOhtXT9OZ21TBf2skhXk8+QS38pg1YMfK1WbMJiEXmng2eL:I8vm2VTgZgVf2skSQOt1YMfK1Pm

Score
10/10
formbookoy19rat

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

oy19

Decoy

ultimateinvestorscript.com

pawstothepavementnj.com

cutiesnapadventures.com

karansyntex.com

hotelsehrama.com

tourismemail.net

luckystc.com

wwzyt.com

97k8.icu

bitcoinboz.com

viajesclick.com

maindns.cfd

hampykostore.xyz

aurabrewing.com

leisure.hair

velo.events

hsebastian.com

kominka-japan.com

mes-limited.com

threesixtyland.com

Targets

    • Target

      1204-67-0x0000000000400000-0x000000000042F000-memory.dmp

    • Size

      188KB

    • MD5

      b7bd58e0e83b7c048f7f9732d7271328

    • SHA1

      818764a48250b7c212d721ee335d8826982d675e

    • SHA256

      b349f4a7172c2b7904ca946b522972e7f1b727e3c29e14ac989766e06dfa75af

    • SHA512

      9c458cf689e830b3c35a9749692c51e72e4dac1c4d937147b785b8ae093b4a9ab6aa26dbc5b7d5b175edb576816237f5e98d38aca1650621fb6b333897d0b26a

    • SSDEEP

      3072:RhtEi4FnWtWuv3mOhtXT9OZ21TBf2skhXk8+QS38pg1YMfK1WbMJiEXmng2eL:I8vm2VTgZgVf2skSQOt1YMfK1Pm

    Score
    1/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks