General

  • Target

    fde11e6f4e911647593850de2ddc4b747eee070999f8031101d02bf4cb2364ef.exe

  • Size

    297KB

  • Sample

    230206-rwva1sed28

  • MD5

    af2b8f5ab74b832d8afdeb31bbbedf7a

  • SHA1

    843c977f2763e00215798252df9d72e705be2049

  • SHA256

    fde11e6f4e911647593850de2ddc4b747eee070999f8031101d02bf4cb2364ef

  • SHA512

    d01f8c2d03e4ea2db7e4c308e45e99cdabddae25a4260d685d00c57fd515b6a011683cdb6ef9beb7ab3c5997d2aead36dbff0d0cda1dec141e95b12b0b345ce1

  • SSDEEP

    6144:nYa6cjfjA7IUkIDhzdQoz9FDJuWYtfX5Nyu6YtSXiOJF:nYYfSxkDcuWwHdsn

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    rs11

  • Decoy

Targets

    • Target

      fde11e6f4e911647593850de2ddc4b747eee070999f8031101d02bf4cb2364ef.exe

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other profile data.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic             | Technique                     | Count | ID
  -------------------|-------------------------------|-------|------
  Defense Evasion    | Modify Registry               | 1     | T1112
  Credential Access  | Credentials in Files          | 1     | T1081
  Discovery          | System Information Discovery  | 1     | T1082
  Collection         | Data from Local System        | 1     | T1005

Tasks