Overview

overview

10

Static

static

1

b4510b5db7...b5.exe

windows7-x64

10

b4510b5db7...b5.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4d4d6884fc7d0bfd244994a57a299c66.bin

  • Size

    299KB

  • Sample

    230408-bwemkabc92

  • MD5

    4345de9e2005daed560558658fc96292

  • SHA1

    0db24546eaa34a27ffe32147957d9dbd613a56c4

  • SHA256

    c56782b7cd0ef11d6db2fd7e3057c118c7e2eb498979b51828aa784f87a61061

  • SHA512

    3eb428933ee713a3c0c031b561425f87bd924d7e4d0e019c387aedc7055eddb2565dc4ed85db039c3c7ba8aadc3701431c3067eae7ea68125b4db15470b98e45

  • SSDEEP

    6144:s2PBHlJCvrpsN0ObguQ/XXB/SUprJp0BMtedVYU8V7lVT0M74oy4K8Ipx3:NCvOa1v/nsUHpcYeXYR/VTd4v823

Score
10/10
formbookf4caratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Campaign

f4ca

Decoy

QYZ6iE9Y+CsiZpCBareS0uU=

N2FQLAaH6xXE

Vc6t0MQXN+Llxsqg

ElBedmSvYGGm6yLDhHqzAtmlCxWl

4VpIWShqHR5cpjfQ4bs=

mepO9miu/iFiQQ==

Z8Owqh54IlwEpDfQ4bs=

qcq4uT5HecWZG3EVwKTiUE7slrGQGiyo

IaYYoJikKDDqgV/NigZCLA==

4Xz5pfoCCW/76NnOUrFEOw==

xiijSkVJ3Yuh9OKDcmui/d2lCxWl

cr8MmfpCEu0ULsO3p6w=

JLm2yKHo7hdVb8O3p6w=

Hriy5svWm2Qfq9mPQib9jJI65gOr

2G3nkRpidunlxsqg

gPHUAeXmi8Q9ARy3

6l5WaOf8BxhQDkp5gKQ=

KHHiXs4WOqXZdPhpaw==

+UQ5Vz5O0Ms9ARy3

pNQygKu0OziAvjOHRGLnJA==

Targets

    • Target

      b4510b5db7db58da65f4d1bd545a5ca892fbd9c8ed6551abd90f64241bdeb4b5.exe

    • Size

      463KB

    • MD5

      4d4d6884fc7d0bfd244994a57a299c66

    • SHA1

      74f63690ee02781983d81405d4acf43bed038c6c

    • SHA256

      b4510b5db7db58da65f4d1bd545a5ca892fbd9c8ed6551abd90f64241bdeb4b5

    • SHA512

      d9f074fd06fd50a2ec887a6219caa123db8bc1590f1e481f48396f42de77b0eaa837f06a4208972e6f64bb3702346ba001ace910dd3a379b0d89b51caa821e27

    • SSDEEP

      6144:A3SUuzCaxOPyxKMQV6WjBZI3kqegi5+ck5hyrGaMvaZecVa+:A3rAePqQhBS3UKy/UcV

    Score
    10/10
    formbookf4caratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks