Overview

overview

10

Static

static

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    file

  • Size

    259KB

  • Sample

    230127-qk6n8scg2w

  • MD5

    db1d6b6c1108594478f24a4786471f12

  • SHA1

    6d12343a3c3f5b0963b29f627149a50b4e45b863

  • SHA256

    cec7134d68d67d6f7ee0d32945f6ee4eafeb58a68c4769867f212ad879480c22

  • SHA512

    8f6f791b7a468ae338563a864c8cd4aae8c1a691e96ebba10c73c39b855aa3630f060771a04942a37c3016e4f266decbc5db35fec3ec7210acac6f12ed1da0a7

  • SSDEEP

    6144:/Ya6NlOY6ck9QfODA2riUkgkg4j8DLeHrcQBFtz4niOVdNPpm:/YXcqf7tjg5r0zz4iKm

Score
10/10
formbookw12eratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

w12e

Decoy

poshsalon.co.uk

ideeksha.net

eaglebreaks.com

exileine.me.uk

saveittoday.net

ceon.tech

estateagentswebsitedesign.uk

faropublicidade.com

depression-treatment-83678.com

informationdata16376.com

wirecreations.africa

coolsculpting-pros.life

ethoshabitats.com

amtindividual.com

gotoken.online

cherny-100-imec-msu.ru

historicaarcanum.com

gpsarhealthcare.com

kx1257.com

abdullahbinomar.com

Targets

    • Target

      file

    • Size

      259KB

    • MD5

      db1d6b6c1108594478f24a4786471f12

    • SHA1

      6d12343a3c3f5b0963b29f627149a50b4e45b863

    • SHA256

      cec7134d68d67d6f7ee0d32945f6ee4eafeb58a68c4769867f212ad879480c22

    • SHA512

      8f6f791b7a468ae338563a864c8cd4aae8c1a691e96ebba10c73c39b855aa3630f060771a04942a37c3016e4f266decbc5db35fec3ec7210acac6f12ed1da0a7

    • SSDEEP

      6144:/Ya6NlOY6ck9QfODA2riUkgkg4j8DLeHrcQBFtz4niOVdNPpm:/YXcqf7tjg5r0zz4iKm

    Score
    10/10
    formbookw12eratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook payload

      rat

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks