General

  • Target

    e95742503cd258666b61c5dde8a9003a.exe

  • Size

    1.2MB

  • Sample

    230608-hlxtqade8w

  • MD5

    e95742503cd258666b61c5dde8a9003a

  • SHA1

    cee3b32cbbcec87c7393a066012e6a2479867d4f

  • SHA256

    f52f3c64c7e5729b929919c449f9087899823470d11335c5dad97f8c19ce2679

  • SHA512

    d2fad4e9bd20551bf89c15e86806a76f2dddb7702666b15fb64005effea01fcbe0087f3424c7f867e9ffa8021647e118f222595b43c039ce76fe9a33c7922fdd

  • SSDEEP

    24576:7Pw6DkT6kfGME6G3VibpHIdebodR6jlKFtQVUv+iP8o79bO+s:75gTvG32poHRS2tQuWikK9js

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

xchu

Decoy

zcartoons.com

castilloshowroom.com

3bmmdtod.life

misaxoxo.com

nadiya.online

sykkbup29.xyz

triciaaprimrosevp.com

newleter.com

ptzslk.xyz

lightbulbfestival.com

texaslandline.com

ideeintemporelle.com

girljustdoitpodcast.com

medimediamarketing.com

bunk7outfitters.com

charlievgrfminnick.click

lifestyleinthehome.com

atfbestsale.online

frontdoorproperties.co.uk

grandpaswag2024.info

Targets

    • Target

      e95742503cd258666b61c5dde8a9003a.exe

    • Size

      1.2MB

    • MD5

      e95742503cd258666b61c5dde8a9003a

    • SHA1

      cee3b32cbbcec87c7393a066012e6a2479867d4f

    • SHA256

      f52f3c64c7e5729b929919c449f9087899823470d11335c5dad97f8c19ce2679

    • SHA512

      d2fad4e9bd20551bf89c15e86806a76f2dddb7702666b15fb64005effea01fcbe0087f3424c7f867e9ffa8021647e118f222595b43c039ce76fe9a33c7922fdd

    • SSDEEP

      24576:7Pw6DkT6kfGME6G3VibpHIdebodR6jlKFtQVUv+iP8o79bO+s:75gTvG32poHRS2tQuWikK9js

    • Formbook

      Formbook is a data-stealing malware family.

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Formbook payload

    • Checks QEMU agent file

      Checks for the presence of the QEMU agent, possibly to detect virtualization.

    • Loads dropped DLL

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry (T1012): 1

  • System Information Discovery (T1082): 2

Tasks