General

  • Target

    Documents.exe

  • Size

    681KB

  • Sample

    230515-mescwaab8y

  • MD5

    efcce655c9185b4a1aee1f2e8aa9867e

  • SHA1

    a1ccb86cc0d0c073d8500f498a9a5e592172e1a9

  • SHA256

    5a056284d1d1ed301db9889707086b4f90527b0e22965fc3a01cc1abd97a2972

  • SHA512

    a5b5519be7fdb7955a3f90b810f81ae2d72a013946c4ca53cfc4a93843a4f2e7c9d48f3b9b8ffeb5a64428bd270e0a776b12a9df36a52086a03560fd8c9adf65

  • SSDEEP

    12288:DysS9HkVoHI+KSiNHiNoDupsNztjDAfB/hRinA0vocxzpiQ:3sI+BgCGi+Hjcf0AQoszM

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    m82

  • Decoy

    jamesdevereux.com
    artificialturfminneapolis.com
    hongmeiyan.com
    lojaderoupasbr.com
    yit.africa
    austinrelocationexpert.com
    saiva.page
    exitsategy.com
    chochonux.com
    klosterbraeu-unterliezheim.com
    byseymanur.com
    sblwarwickshire.co.uk
    brazimaid.com
    ciogame.com
    bronzesailing.com
    dwkapl.xyz
    022dyd.com
    compassandpathwriting.com
    alphabet1x.com
    selfcleaninghairbrush.co.uk

Targets

    • Target

      Documents.exe

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks