General

  • Target

    dekont.exe

  • Size

    254KB

  • Sample

    230502-nswg5acg5t

  • MD5

    e565eb54f3946e60873367da9405317b

  • SHA1

    88d15f13340db7219c54ddac2bf41b79a200f208

  • SHA256

    db29afaa6283ad55b4fc9abb4def3c06a8e445fc110b112408aabb3937432822

  • SHA512

    4830b199bd8d12bf6de8c7b3e9def5138176ad3cf20f97a15fc9fdffe3c075bf333a8a75ada80e9c670a0096bb94b5061daaa4a1652da364fc0f78893785ae94

  • SSDEEP

    6144:/Ya6oaG6ec/h5g8xYqbvP2Q1lWMEaZrWHRHpwQ0WgT3:/YWaG9c5ZYmpEMRZyHRJw+c3

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    me29

  • Decoy

Targets

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
