Overview

overview

10

Static

static

1

tmp.exe

windows7-x64

10

tmp.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    tmp

  • Size

    5.0MB

  • Sample

    230404-t2jsksgf33

  • MD5

    5288674c2d9557bd89a0aab4869f1f60

  • SHA1

    687b6337728a7e4fa646bfd1b0ddce84bcedf23d

  • SHA256

    c9bdb8c092e5af89aacb7feae545fa43da02c84f6ac74a3a60cef3f9076c0ca4

  • SHA512

    5305880363570bd0da5ae95fca7b54dfd70e4cb1a090c72a46420d4ce76bdb6b1b56753ef36a57d26cc06012d3028fbbb11c9afa0c6e33ec59b84caf27ad3eff

  • SSDEEP

    49152:RsOS3uqy5zwcdnOJgYGT0f7fVGyfxHN5ixWRAhMGOuhSTDMj:0ebweOJF7Q

Score
10/10
formbookar73ratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ar73

Decoy

classgorilla.com

b6817.com

1wwuwa.top

dgslimited.africa

deepwaterships.com

hkshshoptw.shop

hurricanevalleyatvjamboree.com

ckpconsulting.com

laojiangmath.com

authenticityhacking.com

family-doctor-53205.com

investinstgeorgeut.com

lithoearthsolution.africa

quickhealcareltd.co.uk

delightkgrillw.top

freezeclosettoilet.com

coo1star.com

gemgamut.com

enrichednetworksolutions.com

betterbeeclean.com

Targets

    • Target

      tmp

    • Size

      5.0MB

    • MD5

      5288674c2d9557bd89a0aab4869f1f60

    • SHA1

      687b6337728a7e4fa646bfd1b0ddce84bcedf23d

    • SHA256

      c9bdb8c092e5af89aacb7feae545fa43da02c84f6ac74a3a60cef3f9076c0ca4

    • SHA512

      5305880363570bd0da5ae95fca7b54dfd70e4cb1a090c72a46420d4ce76bdb6b1b56753ef36a57d26cc06012d3028fbbb11c9afa0c6e33ec59b84caf27ad3eff

    • SSDEEP

      49152:RsOS3uqy5zwcdnOJgYGT0f7fVGyfxHN5ixWRAhMGOuhSTDMj:0ebweOJF7Q

    Score
    10/10
    formbookar73ratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook payload

      rat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks