General

  • Target

    5288674c2d9557bd89a0aab4869f1f60.bin

  • Size

    1.6MB

  • Sample

    230406-bs993aaf33

  • MD5

    14580606fd4e8f2f77741489fc58ca7d

  • SHA1

    1bd29db8597370f9a76b1333a948e2755a40b059

  • SHA256

    e3814558f69d354860dd073731bf1b4a475937bf663a6c784959d604232e8a88

  • SHA512

    e04ec5d815fa4b2343635c1e41fadc0d3eb3e5201e600a4a546ea2863525475d862f719de5841332d3dddb3f4d2fb1680972241bead5931dba1b45e2f2f5f555

  • SSDEEP

    24576:wYdFoC2rOjVW1QTB+wN1maSMvUbqqRs8Lfc6opDS6r4qKx480CXxB6qBSsUKUI1A:wYdFozX1YJN1m2qtIdDhvUP0E1Ss5UIq

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    ar73

  • Decoy

    classgorilla.com
    b6817.com
    1wwuwa.top
    dgslimited.africa
    deepwaterships.com
    hkshshoptw.shop
    hurricanevalleyatvjamboree.com
    ckpconsulting.com
    laojiangmath.com
    authenticityhacking.com
    family-doctor-53205.com
    investinstgeorgeut.com
    lithoearthsolution.africa
    quickhealcareltd.co.uk
    delightkgrillw.top
    freezeclosettoilet.com
    coo1star.com
    gemgamut.com
    enrichednetworksolutions.com
    betterbeeclean.com

Targets

    • Target

      c9bdb8c092e5af89aacb7feae545fa43da02c84f6ac74a3a60cef3f9076c0ca4.exe

    • Size

      5.0MB

    • MD5

      5288674c2d9557bd89a0aab4869f1f60

    • SHA1

      687b6337728a7e4fa646bfd1b0ddce84bcedf23d

    • SHA256

      c9bdb8c092e5af89aacb7feae545fa43da02c84f6ac74a3a60cef3f9076c0ca4

    • SHA512

      5305880363570bd0da5ae95fca7b54dfd70e4cb1a090c72a46420d4ce76bdb6b1b56753ef36a57d26cc06012d3028fbbb11c9afa0c6e33ec59b84caf27ad3eff

    • SSDEEP

      49152:RsOS3uqy5zwcdnOJgYGT0f7fVGyfxHN5ixWRAhMGOuhSTDMj:0ebweOJF7Q

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry, T1012 (1)

  • System Information Discovery, T1082 (2)

Tasks