Overview

overview

10

Static

static

1

2ee6aac966...32.exe

windows7-x64

10

2ee6aac966...32.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2ee6aac96667a49df963edc8384038b0859d689ab4377e74ac7f45086010c732.zip

  • Size

    694KB

  • Sample

    230321-qq281acf5w

  • MD5

    8d5e473fce47ae3e7a3cf47623249a58

  • SHA1

    43ab959daeca601cb83b5180575a9ac20ee67d8c

  • SHA256

    ad613ea8f2d306d287fe42bb1c866457621be85314baa9ceaad0fc4c1a3eb7f7

  • SHA512

    e5b5eecedecccf81f3f8f90e3bdce42eaa83dd9877fcc263a4c33bddb92b8c78c60bddf6188b1352afae79dea666843037e89f177f9f731d2245a6ed6cf12671

  • SSDEEP

    12288:AOSLUXfNUfjoE+4d67wtTB1HWVH+TiKdMbyjNDU28rY4ousnxqSSQrw:XuUX1UfjcGB1q3KdgyRV8rY4oujN

Score
10/10
formbookjr22ratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

jr22

Decoy

941zhe.com

lunarportal.space

xn--osmaniyeiek-t9ab.online

trejoscar.com

nrnursery.com

quizcannot.cfd

seedstockersthailand.com

watsonwindow.com

wjfholdings.com

weziclondon.com

naruot.xyz

yeji.plus

classicmenstore.com

oharatravel.com

therapyplankits.com

keviegreshonpt.com

qdlyner.com

seithupaarungal.com

casinorates.online

8ug4as.icu

Targets

    • Target

      2ee6aac96667a49df963edc8384038b0859d689ab4377e74ac7f45086010c732.exe

    • Size

      749KB

    • MD5

      6561c71692329e5c4b10948e273ac496

    • SHA1

      f01d729fbd8934730fd7531fa00649089e531616

    • SHA256

      2ee6aac96667a49df963edc8384038b0859d689ab4377e74ac7f45086010c732

    • SHA512

      73fe44ecf169bf6b35b7b3732caf201a6d949739cd5b627137f63dfef68e20ee9132def26672ecd9689a636d269a3e14853b6d771312c764ef23b2a05f762fa5

    • SSDEEP

      12288:i97mYMUnFW/N5b9hsF+U5u0RX4up4Aev8lZLse1bdHnL+2CzomKsciaicxJnj:i97UrIF+UloE4AevUZhniZzL2iKv

    Score
    10/10
    formbookjr22ratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook payload

      rat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks