General

  • Target

    REVISED_.EXE

  • Size

    761KB

  • Sample

    230202-j8dvssfe84

  • MD5

    c18c92beacd7e92b9881eb2d8a56d2ad

  • SHA1

    ed42c80e56dfb719435cc58919758a195341055b

  • SHA256

    ed5c5ef5186a78d9dd02e7dbf36b0bcc9d6c0e733f04a6780f6bcf06dbfc3338

  • SHA512

    ed4735fd4d07653e5bc8c7eee0b53996d36f1efed3ef52954ee2e39d51f6a08fbab5b1578fe39c3652fecdac45d665f0b295809f24bdd2cee7f10928510910a9

  • SSDEEP

    12288:3tz8L6gu+xMRSR5SEtKypyE4s09JtWsJIPg8zLvqsEqG4yPa:CLzyRU5Zp74so3WaCTC1qG4yPa

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

gg62

Decoy

growfast.africa

lerema.com

38945.se

wheelfermotors.africa

giftshareforyou.online

burrismktg.com

keepgrowing.uk

efefhomeless.buzz

bryanokoh.com

fashion-clothing-40094.com

andreasunshine.com

naijahood.africa

aditrirealty.com

kinnoitodatsumou.com

cryptoqzclimax.com

hairly.biz

comeuphither4.com

integrity360.ltd

flushywhole.com

8869365.com
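The hashes in the General section and the Decoy list in the extracted config are the actionable IOCs on this page. The script below, an added example and not part of the sandbox report, turns them into two checks a responder typically needs: confirm that a file pulled from a host is this exact sample (all four hashes must agree, and each IOC string is length-checked first so a truncated paste is caught), and scan proxy log lines for requests to any of the listed domains. Formbook sends its HTTP traffic to the decoy domains and to the real C2 alike, so a hit on any listed domain is a pivot point even though most of the list is noise by design. The log format and the log lines are constructed for the example; adapt the regex to your proxy's format.

```python
"""Match the IOCs from this report against a local file and proxy log lines.

Added example; not code from the sandbox. Log lines below are constructed.
"""
import hashlib
import re
from urllib.parse import urlparse

# File hashes exactly as listed in the report's General section.
REPORT_HASHES = {
    "md5": "c18c92beacd7e92b9881eb2d8a56d2ad",
    "sha1": "ed42c80e56dfb719435cc58919758a195341055b",
    "sha256": "ed5c5ef5186a78d9dd02e7dbf36b0bcc9d6c0e733f04a6780f6bcf06dbfc3338",
    "sha512": "ed4735fd4d07653e5bc8c7eee0b53996d36f1efed3ef52954ee2e39d51f6a08f"
              "bab5b1578fe39c3652fecdac45d665f0b295809f24bdd2cee7f10928510910a9",
}

# Decoy domains from the extracted Formbook config (campaign gg62).
DECOY_DOMAINS = frozenset({
    "growfast.africa", "lerema.com", "38945.se", "wheelfermotors.africa",
    "giftshareforyou.online", "burrismktg.com", "keepgrowing.uk",
    "efefhomeless.buzz", "bryanokoh.com", "fashion-clothing-40094.com",
    "andreasunshine.com", "naijahood.africa", "aditrirealty.com",
    "kinnoitodatsumou.com", "cryptoqzclimax.com", "hairly.biz",
    "comeuphither4.com", "integrity360.ltd", "flushywhole.com", "8869365.com",
})


def bad_hash_strings():
    """Return {name: value} for any IOC that is not the right hex length.

    Catches truncated or mangled hashes before they are used for matching.
    """
    expected = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}
    hexdigits = re.compile(r"^[0-9a-f]+$")
    return {
        name: value
        for name, value in REPORT_HASHES.items()
        if len(value) != expected[name] or not hexdigits.match(value)
    }


def hash_bytes(data):
    """Compute the four digests the report lists, for an in-memory buffer."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def hash_file(path, chunk_size=1 << 20):
    """Stream a file through all four hash objects at once (no full read)."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matches_report(digests):
    """True only if every listed digest agrees with the report."""
    return all(digests.get(name) == value for name, value in REPORT_HASHES.items())


# Constructed log format: <timestamp> <client-ip> <method> <url> <proto>
LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)")


def host_is_ioc(host):
    """Exact match or subdomain (Formbook commonly requests www.<domain>)."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in DECOY_DOMAINS)


def scan_log(lines):
    """Return one dict per request whose host is in the IOC domain set."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        host = urlparse(m.group("url")).hostname
        if host and host_is_ioc(host):
            hits.append({"ts": m.group("ts"), "src": m.group("src"), "host": host})
    return hits


# Constructed sample log: two hits (one via www. prefix), one benign host,
# and a look-alike domain that must not match.
SAMPLE_LOG = """\
2023-02-02T09:14:05Z 10.0.0.17 GET http://www.lerema.com/gg62/?q=AbCd HTTP/1.1
2023-02-02T09:14:06Z 10.0.0.17 GET http://www.microsoft.com/ HTTP/1.1
2023-02-02T09:14:07Z 10.0.0.17 POST http://8869365.com/gg62/ HTTP/1.1
2023-02-02T09:14:08Z 10.0.0.23 GET http://notlerema.com/ HTTP/1.1
"""

if __name__ == "__main__":
    print("malformed IOC hashes:", bad_hash_strings() or "none")
    for hit in scan_log(SAMPLE_LOG.splitlines()):
        print(f"{hit['ts']} {hit['src']} -> {hit['host']}")
```

To check a quarantined file, call `matches_report(hash_file("/path/to/REVISED_.EXE"))`; a partial match (for example MD5 equal but SHA-256 different) is not treated as a match, which is the behaviour you want when hashes have been copied by hand. The subdomain match in `host_is_ioc` is deliberate: a suffix test without the leading dot would also flag unrelated hosts such as `notlerema.com`.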

Targets

    • Target

      REVISED_.EXE

    • Size

      761KB

    • Formbook

      Formbook is an information-stealing malware family sold as malware-as-a-service. It hooks browsers, mail clients and other applications to capture form submissions, keystrokes and clipboard contents, takes screenshots, and sends the collected data to its C2 over HTTP; it can also fetch and run additional payloads. The Decoy list in the extracted config is part of its C2 concealment: the bot sends traffic to the decoy domains as well as to the real C2 so that the live server does not stand out in network telemetry.

    • Formbook payload

    • Deletes itself

    • Suspicious use of SetThreadContext
