General

  • Target: RFQ-003451980.exe
  • Size: 791KB
  • Sample: 230324-jhjclach92
  • MD5: 0cd67eb934ba91045650fee0b4ffed72
  • SHA1: e6243aee5180c010464fefb9adba2f6369a3d345
  • SHA256: e1803249e33265318c9f806db079934571ee55c2554e001cee050bea59e06037
  • SHA512: 3ed7eb0c6d70bad3d78ddf6cb735de60fecfcfc8a44abd9f433d6eba2a43ad054f520bfb8961bf39ccc9c96501c77f2a4620a56f23ac56c9d35389eef4442d01
  • SSDEEP: 24576:oE1BQcmeV91Es5UFKl+8GaxFOz0W5s5RMOZG6:owmeL1lcd/o7RTZb

Malware Config

Extracted

Family: formbook

Version: 4.1

Campaign: h4fa

Decoy


Targets

    • Formbook: Formbook is a data-stealing malware family.

    • Formbook payload

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks