Overview

overview

10

Static

static

1

ddae367e82...d2.exe

windows7-x64

10

ddae367e82...d2.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ddae367e828d169834f7261f3cba74d2.exe

  • Size

    1.2MB

  • Sample

    230323-s37qcsgf44

  • MD5

    ddae367e828d169834f7261f3cba74d2

  • SHA1

    0a7f61bc670a38cce473053b93c3796649f3ce57

  • SHA256

    c09f9057e4341633036324cbe43955122e503d1b73a979977b43030f4cf1ef10

  • SHA512

    5ac0dfd3e14198550feed9dcc7e3637f2e1de7d8ad8558f280b8cc9350e2e092eef19b0ddf6f5090c78bb33dd4b0740def662ebb742591ac7b74a46220a3fac4

  • SSDEEP

    24576:m3hJAVEoHlqRTPEZjimfAygETqHnyCPTONsM:mRJJNRTCbfAygETqHnyCP6NsM

Score
10/10
formbookar73ratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ar73

Decoy

classgorilla.com

b6817.com

1wwuwa.top

dgslimited.africa

deepwaterships.com

hkshshoptw.shop

hurricanevalleyatvjamboree.com

ckpconsulting.com

laojiangmath.com

authenticityhacking.com

family-doctor-53205.com

investinstgeorgeut.com

lithoearthsolution.africa

quickhealcareltd.co.uk

delightkgrillw.top

freezeclosettoilet.com

coo1star.com

gemgamut.com

enrichednetworksolutions.com

betterbeeclean.com

Targets

    • Target

      ddae367e828d169834f7261f3cba74d2.exe

    • Size

      1.2MB

    • MD5

      ddae367e828d169834f7261f3cba74d2

    • SHA1

      0a7f61bc670a38cce473053b93c3796649f3ce57

    • SHA256

      c09f9057e4341633036324cbe43955122e503d1b73a979977b43030f4cf1ef10

    • SHA512

      5ac0dfd3e14198550feed9dcc7e3637f2e1de7d8ad8558f280b8cc9350e2e092eef19b0ddf6f5090c78bb33dd4b0740def662ebb742591ac7b74a46220a3fac4

    • SSDEEP

      24576:m3hJAVEoHlqRTPEZjimfAygETqHnyCPTONsM:mRJJNRTCbfAygETqHnyCP6NsM

    Score
    10/10
    formbookar73ratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook payload

      rat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1
T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

3
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks