Overview

overview

10

Static

static

3

atlasmysj4799.exe

windows7-x64

10

atlasmysj4799.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    atlasmysj4799.exe

  • Size

    662KB

  • Sample

    230513-2qjx7shf25

  • MD5

    94cf44254f5691f058a2f6df5e8ec4c8

  • SHA1

    f9a6e73b208e56007b04c7086d047874e4508713

  • SHA256

    540c181beb778359eea5bd699310b2cebd8017d5286d408b1abf12e1228b7b9d

  • SHA512

    0e48608940c00770117d069cc71570d778ce73b7c113e97974cc66fd3e3889852e70912d9298c4c30a4bd288e859b0c0322717b2eb9af315b1af1a210971a29a

  • SSDEEP

    12288:X2iN65lBHxqd5h26MZqIv7c6+E+dTEm8+CNesDZs:X1E5lBRqd5kLp7lf+9Eqs9Zs

Score
10/10
formbookgtt8ratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

gtt8

Decoy

thesuccessbot.com

rittercivil.com

jt1.fun

d365extension.com

quqoxeq.top

visittworiverswi.com

bfprotienda.com

greenhabitsph.com

ladmere.com

clockboutiques.com

minwart.xyz

xinyuejiancai.online

eggsl.com

fetchingcandles.com

skywatiniya.com

hinkley.news

realityonlineenterprises.com

teamcroissant.com

esfera-pv.ch

herdadedosmontesbastos.com

Targets

    • Target

      atlasmysj4799.exe

    • Size

      662KB

    • MD5

      94cf44254f5691f058a2f6df5e8ec4c8

    • SHA1

      f9a6e73b208e56007b04c7086d047874e4508713

    • SHA256

      540c181beb778359eea5bd699310b2cebd8017d5286d408b1abf12e1228b7b9d

    • SHA512

      0e48608940c00770117d069cc71570d778ce73b7c113e97974cc66fd3e3889852e70912d9298c4c30a4bd288e859b0c0322717b2eb9af315b1af1a210971a29a

    • SSDEEP

      12288:X2iN65lBHxqd5h26MZqIv7c6+E+dTEm8+CNesDZs:X1E5lBRqd5kLp7lf+9Eqs9Zs

    Score
    10/10
    formbookgtt8ratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook payload

      rat

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1
T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks