General

  • Target

    dekont.exe

  • Size

    249KB

  • Sample

    230329-q54qdaab8w

  • MD5

    c7d4b47decd58498f00c62638568d1ed

  • SHA1

    07fd7929bdd4b63ab0b1f02e0c252a2ac92cc038

  • SHA256

    038e05caf82ae977e5131e299da144e0eb8e0e2a9706f0465607ac8c7c725012

  • SHA512

    8b829c1d72e87fc7fc7f7b3c2fe88abd678302c93d465e5c73f6b18c283f7756878558ba22008caab2602cdff03408b398821189b3fd2f63a1c1bb0a27a0b018

  • SSDEEP

    6144:PYa6+f5UG5BcBkPiy88DlUDopV81yK+O7ioP9189yGPu9uvIvp:PYAhR2b8DF81OOJL89yGIuvIB

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

k04s

Decoy

draanabellrojas.com

in03.one

kyraloves.co.uk

laluma.store

londoncell.com

kanurikibueadvocates.com

buyeasynow.net

escapefromtarkov-wiki.com

crewint.net

f-b.boats

beautyaidstudio.com

ashfieldconsultancy.uk

dlogsadood.com

ftgam.xyz

constantinopanama.com

yellowpocket.africa

konyil.com

easomobility.com

1135wickloecourt.com

indexb2b.com

Targets

    • Target

      dekont.exe

    • Size

      249KB

    • MD5

      c7d4b47decd58498f00c62638568d1ed

    • SHA1

      07fd7929bdd4b63ab0b1f02e0c252a2ac92cc038

    • SHA256

      038e05caf82ae977e5131e299da144e0eb8e0e2a9706f0465607ac8c7c725012

    • SHA512

      8b829c1d72e87fc7fc7f7b3c2fe88abd678302c93d465e5c73f6b18c283f7756878558ba22008caab2602cdff03408b398821189b3fd2f63a1c1bb0a27a0b018

    • SSDEEP

      6144:PYa6+f5UG5BcBkPiy88DlUDopV81yK+O7ioP9189yGPu9uvIvp:PYAhR2b8DF81OOJL89yGIuvIB

    • Formbook

      Formbook is an information-stealing malware family that harvests credentials and form data from infected hosts.

    • Formbook payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks