General

  • Target

    Original Shipping documents.exe

  • Size

    785KB

  • Sample

    230208-m3zrvsad98

  • MD5

    d511e5a0e42309e6148b3e7f6b9e5bcf

  • SHA1

    858aade78f8463bca167656c81022f20a7535fb9

  • SHA256

    342215db36f2fa15a4b72d54cb4e7a7179462dcaab9dc9f791336df867d6d286

  • SHA512

    ea71544cdc672051dd8b04fb5ec08853fd2c04994b93a1fc1d61f5efcd2a18ac63f01dd9fb64a398eac1e701762aff019886a2baebf971ec4be4aee4b8ea381d

  • SSDEEP

    24576:IrxN5IC54TWMnp74YTKza8D7ajPhVoo6dlSA:Etgim8QeLmPIvdn

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    gg62

  • Decoy

    growfast.africa
    lerema.com
    38945.se
    wheelfermotors.africa
    giftshareforyou.online
    burrismktg.com
    keepgrowing.uk
    efefhomeless.buzz
    bryanokoh.com
    fashion-clothing-40094.com
    andreasunshine.com
    naijahood.africa
    aditrirealty.com
    kinnoitodatsumou.com
    cryptoqzclimax.com
    hairly.biz
    comeuphither4.com
    integrity360.ltd
    flushywhole.com
    8869365.com

Targets

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook payload

    • Deletes itself

    • Suspicious use of SetThreadContext
