General

  • Target

    030de17769357418013f18e0ad1b61bb.bin

  • Size

    738KB

  • Sample

    230328-bcwfzagb44

  • MD5

    6fe8489b28d9ba3744710c5c74c59310

  • SHA1

    5b12e8a5aa6cb5b79aa71d920283ce16ef671236

  • SHA256

    b03aea600c06151e3ac24e8e2aa7866a4dd91ecda956276e3a6b7c2517729fef

  • SHA512

    ddfec44bc9edb122d73fea8abe72bb09d2af0a5e20331fe81796f3fc3797a36a8a326e3b0637c7324f6c16a5d1f3263960962725225a9c35072a8e116e9b706d

  • SSDEEP

    12288:fSvIzwFywcbKolR38tIOi3/k+IDcztN2ahbAYKaDKxLJ05OEc++:KvmrwMV3lID4tN22AYKau9iIEr+

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

bpnw

Decoy

subsc-music.com

spiffyd01.buzz

link2it.xyz

coenst.site

carltonautomatic.com

argbeauty.co.uk

tenantdfgg.click

mammothbechtelar.com

bekkarblogger.com

rheamoments.com

themagicofbedtime.com

berksbeaconnews.com

1stpagerealestate.com

ammarshoes.com

lv-newlife.com

travelnewsbuzz.com

promo-tv.fun

getfreedownload.online

al-istitmar.info

strataclleanenergy.com
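Formbook's extracted config carries a list of domains, only one of which is the live C2; the rest are decoys that the implant also sends traffic to, which is why the sandbox labels the whole list "Decoy" without picking one out. For a responder that means any resolution of any listed domain from a host is worth a look. The following is an added example (not part of the sandbox report) that loads the list above and matches it against DNS log lines, treating subdomains as hits and ignoring look-alike names. The log lines are constructed for the example and assume a tab-separated timestamp/client/qname layout; the helper names are my own.

```python
import re
from collections import defaultdict

# Domains copied from the extracted Formbook config on this page (campaign "bpnw").
DECOY_DOMAINS = [
    "subsc-music.com", "spiffyd01.buzz", "link2it.xyz", "coenst.site",
    "carltonautomatic.com", "argbeauty.co.uk", "tenantdfgg.click",
    "mammothbechtelar.com", "bekkarblogger.com", "rheamoments.com",
    "themagicofbedtime.com", "berksbeaconnews.com", "1stpagerealestate.com",
    "ammarshoes.com", "lv-newlife.com", "travelnewsbuzz.com", "promo-tv.fun",
    "getfreedownload.online", "al-istitmar.info", "strataclleanenergy.com",
]


def normalize(name: str) -> str:
    """Lower-case and strip a trailing dot so 'WWW.Link2it.XYZ.' matches 'www.link2it.xyz'."""
    return name.strip().rstrip(".").lower()


def build_matcher(domains):
    """Return a function mapping a queried name to the config domain it equals or
    sits under, or None. Walks the label suffixes so 'mail.rheamoments.com' hits
    'rheamoments.com' while 'notlink2it.xyz' does not hit 'link2it.xyz'."""
    wanted = {normalize(d) for d in domains}

    def match(qname: str):
        labels = normalize(qname).split(".")
        for i in range(len(labels)):
            candidate = ".".join(labels[i:])
            if candidate in wanted:
                return candidate
        return None

    return match


# Constructed sample DNS log (assumed format: epoch ts, client IP, queried name, tab-separated).
LOG_LINES = """\
1679990401.120\t10.0.0.21\tupdate.microsoft.com
1679990402.510\t10.0.0.21\twww.link2it.xyz
1679990403.002\t10.0.0.35\tcoenst.site.
1679990404.770\t10.0.0.21\tnotlink2it.xyz
1679990405.300\t10.0.0.35\tmail.rheamoments.com
"""


def parse_dns_log(text: str):
    """Yield (ts, client, qname) tuples, skipping blank and comment lines."""
    rows = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, client, qname = line.split("\t")[:3]
        rows.append((float(ts), client, qname))
    return rows


def find_hits(log_text: str, domains=DECOY_DOMAINS):
    """Group every query that lands on a config domain by client IP.
    Each hit records (ts, name as queried, config domain matched)."""
    match = build_matcher(domains)
    hits = defaultdict(list)
    for ts, client, qname in parse_dns_log(log_text):
        hit = match(qname)
        if hit:
            hits[client].append((ts, qname, hit))
    return dict(hits)


if __name__ == "__main__":
    for client, events in find_hits(LOG_LINES).items():
        for ts, qname, hit in events:
            print(f"{client} queried {qname} -> config domain {hit} at {ts}")
```

Because the implant beacons to decoys as well as its real C2, a single hit from one host is a strong signal even though the list alone does not tell you which domain is live; pivot on the host, not on the domain.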

Targets

    • Target

      34c2526748f1214c70cbefa7e45e067e86e78c79759cafa9fdf1082795ed92bb.bin

    • Size

      814KB

    • MD5

      030de17769357418013f18e0ad1b61bb

    • SHA1

      3bfd9fd82f846a73f319eb2a29f246dbf143e721

    • SHA256

      34c2526748f1214c70cbefa7e45e067e86e78c79759cafa9fdf1082795ed92bb

    • SHA512

      84f378d657e3bf30028fe4aeafea91d3da68dfe77531a10d0919dc439285633bf97914b8ec9a9f9e998c6ef3239697f43dd0e1979623017875e4906246445826

    • SSDEEP

      12288:qA53B0OKIZt8JDol8JSfyjaGClHNfUFL1FCgUoygyKIwp6DoFxVf6lzZGJhZ:qA5x8IE9olWK7G6t4jFBJIw4cMhZgD

    • Formbook

      Formbook is an information-stealing malware family: it harvests credentials and form data from browsers and other clients, logs keystrokes and clipboard contents, and exfiltrates them to a C2 hidden among a list of decoy domains.

    • Formbook payload

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofence check so the payload does not run in certain regions.

    • Suspicious use of SetThreadContext

      Setting the context of a suspended thread in another process is a standard step of process hollowing and similar injection techniques; Formbook uses it to run its payload inside a legitimate process.

MITRE ATT&CK Matrix ATT&CK v6

Discovery

  • Query Registry (T1012): 1

  • System Information Discovery (T1082): 2

Tasks