General

  • Target

    17e860b41dc286806e477310a4cbef79.bin

  • Size

    298KB

  • Sample

    230324-bgf7vabc39

  • MD5

    640be74aadef18540e8de5e49b254aff

  • SHA1

    a3da90c4055f711c4f3c760b4aa1b6cb2a9bdd89

  • SHA256

    bd7c5deb09136d33543255097300a9b3971d0002c036a2e844857a54bb301fce

  • SHA512

    dc1edda20bb91a50cc87f6cabd55b260bd3e31e5b271a737a70470c1cb03fef7603382387fdd9d195a7e98c95ef7880a36a23989d193119def6a9c3f867b4947

  • SSDEEP

    6144:UNkvYruyrYY76ICnlb2lty4v2OiM+3wfqykkFaZCfgKkq:gWqudY7PCnv4vjl+3wfqCFICmq

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

mi94

Decoy

realdigitalmarketing.co.uk

athle91.com

zetuinteriors.africa

jewelry2adore.biz

sneakersuomo.com

hotcoa.com

bestpetfinds.com

elatedfreedom.com

louisegoulet.com

licensescape.com

jenniferfalconerrealtor.com

xqan.net

textare.net

doctorlinkscsk.link

bizformspro.com

ameriealthcaritasfl.com

hanfengmeiye.com

anjin98.com

credit-cards-54889.com

dinero.news
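A Formbook config lists many domains, only a few of which are the live C2; the rest are decoys, often legitimate sites the bot also contacts to blend in, so a single DNS hit on one of these names is weak evidence on its own. The Python below (an added example, not tooling from the sandbox or the analyst who submitted the sample) loads the domain list exactly as extracted above, parses constructed DNS-query log lines, matches queried names on label boundaries so that a look-alike such as notathle91.com does not match athle91.com, and flags only hosts that resolved two or more distinct list domains. The log format and the IP addresses are assumptions made for the example.

```python
"""Correlate DNS query logs against the decoy/C2 domains from a Formbook config.

Added example; not part of the sandbox report. The log format, client IPs and
the threshold of two distinct list domains per host are assumptions.
"""
import re
from collections import defaultdict

# Decoy/C2 domains copied from the extracted config above (campaign mi94).
FORMBOOK_DOMAINS = frozenset({
    "realdigitalmarketing.co.uk", "athle91.com", "zetuinteriors.africa",
    "jewelry2adore.biz", "sneakersuomo.com", "hotcoa.com", "bestpetfinds.com",
    "elatedfreedom.com", "louisegoulet.com", "licensescape.com",
    "jenniferfalconerrealtor.com", "xqan.net", "textare.net",
    "doctorlinkscsk.link", "bizformspro.com", "ameriealthcaritasfl.com",
    "hanfengmeiye.com", "anjin98.com", "credit-cards-54889.com", "dinero.news",
})

# Constructed sample log: "<timestamp> <client-ip> query <qname>" per line.
SAMPLE_LOG = """\
2023-03-24T09:01:12Z 10.0.0.5 query www.google.com.
2023-03-24T09:01:13Z 10.0.0.5 query realdigitalmarketing.co.uk.
2023-03-24T09:01:14Z 10.0.0.5 query www.athle91.com.
2023-03-24T09:01:15Z 10.0.0.5 query hotcoa.com.
2023-03-24T09:02:00Z 10.0.0.9 query sneakersuomo.com.
2023-03-24T09:03:30Z 10.0.0.9 query example.org.
2023-03-24T09:04:00Z 10.0.0.11 query notathle91.com.
this line is malformed and is skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\d{1,3}(?:\.\d{1,3}){3})\s+query\s+(?P<qname>\S+)$"
)


def normalise(qname: str) -> str:
    """Lower-case the name and drop the trailing dot of a fully qualified name."""
    return qname.rstrip(".").lower()


def domain_matches(qname: str, domains):
    """Return the list domain that qname equals or is a subdomain of, else None.

    Matching walks label boundaries, so 'www.athle91.com' hits 'athle91.com'
    while 'notathle91.com' does not.
    """
    labels = normalise(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in domains:
            return candidate
    return None


def parse_log(text: str):
    """Parse log text into (timestamp, client, qname) tuples; skip malformed lines."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            continue
        events.append((m["ts"], m["client"], m["qname"]))
    return events


def score_hosts(events, domains, threshold: int = 2):
    """Map each client to the sorted list domains it queried, keeping only
    clients that hit at least `threshold` distinct domains."""
    seen = defaultdict(set)
    for _ts, client, qname in events:
        hit = domain_matches(qname, domains)
        if hit is not None:
            seen[client].add(hit)
    return {client: sorted(hits) for client, hits in seen.items() if len(hits) >= threshold}


if __name__ == "__main__":
    for client, hits in score_hosts(parse_log(SAMPLE_LOG), FORMBOOK_DOMAINS).items():
        print(f"{client}: {len(hits)} config domains contacted: {', '.join(hits)}")
```

With the constructed log, 10.0.0.5 is flagged (three distinct list domains), 10.0.0.9 is not (one domain, which could be ordinary browsing to a decoy), and 10.0.0.11 is not matched at all. Raise the threshold or add a time window for noisier environments.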

Targets

    • Target

      06243274174960778e1adac528d0c2641cf742fa2ba0759c9fe762f7a0692aff.exe

    • Size

      311KB

    • MD5

      17e860b41dc286806e477310a4cbef79

    • SHA1

      221996f82df76554d7e7dc5e3f0426a2c768020d

    • SHA256

      06243274174960778e1adac528d0c2641cf742fa2ba0759c9fe762f7a0692aff

    • SHA512

      e07ca910adbce9478e97bf68c556874f4d5d6bce64530eae3abe5ef96b7af5b8d316ced1cf39980cc356f18f3a2ee18a6c419ee78322a2f45a1926aa027a5f10

    • SSDEEP

      6144:hT5UzmTaDizyCSx6atVIt9lN9CaYf6XJ/tzklftBL7mCsVesYY4+NJTRK:hT55TwIlShVkN9U4VITl7mvYY4WJE

    • Formbook

      Formbook is an information-stealing malware family (infostealer) that harvests credentials and form data from the infected host.

    • GuLoader, CloudEye

      A shellcode-based downloader first seen in 2020.

    • Formbook payload

    • Checks QEMU agent file

      Checks presence of QEMU agent, possibly to detect virtualization.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic       Technique                       Count   ATT&CK ID
  Discovery    Query Registry                  2       T1012
  Discovery    System Information Discovery    2       T1082

Tasks