Overview

overview

10

Static

static

1

fda6fab33a...e1.exe

windows7-x64

10

fda6fab33a...e1.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fda6fab33a82e877a04f4a49e6beec5a7e4f4bf5847851582a9bc211ab009ae1

  • Size

    265KB

  • Sample

    230408-hylxzsec8v

  • MD5

    768c4d4ea9504c2363de391a4b3fe921

  • SHA1

    57fe92563cc5e6746a6da4800bb561ae0186375e

  • SHA256

    fda6fab33a82e877a04f4a49e6beec5a7e4f4bf5847851582a9bc211ab009ae1

  • SHA512

    34fbc91a3b45a5d2631ebff44cdbb1226f41446548600f60e0d12c0fe3868afa6c3e27057f8abe1b0508a342e53074ffef741ec54b67cb2dfa8901a297438fbe

  • SSDEEP

    6144:/Ya6mixpnPppladuAffgWV1Yb+QPn6EhjeVxvHAEp:/Y4YplaE6fgA1Yyon6EVep

Score
10/10
formbookar73ratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ar73

Decoy

classgorilla.com

b6817.com

1wwuwa.top

dgslimited.africa

deepwaterships.com

hkshshoptw.shop

hurricanevalleyatvjamboree.com

ckpconsulting.com

laojiangmath.com

authenticityhacking.com

family-doctor-53205.com

investinstgeorgeut.com

lithoearthsolution.africa

quickhealcareltd.co.uk

delightkgrillw.top

freezeclosettoilet.com

coo1star.com

gemgamut.com

enrichednetworksolutions.com

betterbeeclean.com

Targets

    • Target

      fda6fab33a82e877a04f4a49e6beec5a7e4f4bf5847851582a9bc211ab009ae1

    • Size

      265KB

    • MD5

      768c4d4ea9504c2363de391a4b3fe921

    • SHA1

      57fe92563cc5e6746a6da4800bb561ae0186375e

    • SHA256

      fda6fab33a82e877a04f4a49e6beec5a7e4f4bf5847851582a9bc211ab009ae1

    • SHA512

      34fbc91a3b45a5d2631ebff44cdbb1226f41446548600f60e0d12c0fe3868afa6c3e27057f8abe1b0508a342e53074ffef741ec54b67cb2dfa8901a297438fbe

    • SSDEEP

      6144:/Ya6mixpnPppladuAffgWV1Yb+QPn6EhjeVxvHAEp:/Y4YplaE6fgA1Yyon6EVep

    Score
    10/10
    formbookar73ratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook payload

      rat

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks