Overview

overview

10

Static

static

1

RFQ-003451980.exe

windows7-x64

1

RFQ-003451980.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    RFQ-003451980.XZ.xz

  • Size

    714KB

  • Sample

    230324-jgz9qach88

  • MD5

    0b27578b9d4dcac099786e0018af101f

  • SHA1

    395b9a06056a52e45a45af8bcb61bdaabca4f7d0

  • SHA256

    ca0509fa76c36ebde7f059f872329178eb2b1307971424c5b3cb33e3242a2e6f

  • SHA512

    5508cdef2083177b1ad925f2c62e900148992561052d1037b147d03a21df8e1e74cf00e51751e907149cbdf6fc4d3d979a0b8d9de6a576a24654fe9f115d6789

  • SSDEEP

    12288:U+T2jY4C393wTRWnjna6rBrrzFs1bRoBvGDg0cwtXq0AzQgvztDX+U67avx6KYp:U+T2j7YjBrBH61qBv103U5SEwp

Score
10/10
formbookh4faratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

h4fa

Decoy

aicheatsheet.business

happyhobo.stream

feel-free-shop.store

freehdbrazzers.online

harmonie-fairness-voting.ch

freely.cafe

boostedmotive.com

lapakvgogroup.xyz

ripple-world.com

intelligentmedialab.com

nesakuo.site

quantumexcellencemgmt.com

uqaabgraphics.com

ecycletech.net

delfinavgrfbedard.click

witsnsass.com

biohackersbookclub.com

zetaalgo.com

palcomobile.net

mrsprkl.com

Targets

    • Target

      RFQ-003451980.exe

    • Size

      791KB

    • MD5

      0cd67eb934ba91045650fee0b4ffed72

    • SHA1

      e6243aee5180c010464fefb9adba2f6369a3d345

    • SHA256

      e1803249e33265318c9f806db079934571ee55c2554e001cee050bea59e06037

    • SHA512

      3ed7eb0c6d70bad3d78ddf6cb735de60fecfcfc8a44abd9f433d6eba2a43ad054f520bfb8961bf39ccc9c96501c77f2a4620a56f23ac56c9d35389eef4442d01

    • SSDEEP

      24576:oE1BQcmeV91Es5UFKl+8GaxFOz0W5s5RMOZG6:owmeL1lcd/o7RTZb

    Score
    10/10
    formbookh4faratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook payload

      rat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1
T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks