General

  • Target: shegro2.1.exe
  • Size: 236KB
  • Sample: 230628-rgcsesaf8t
  • MD5: fe7fb44408912cfcc134fece3697776b
  • SHA1: f4ba9fd0270bcd4ce6090e950cdeae5bd9880432
  • SHA256: 2a8783a8fa5d2994fdce8d2bce2aeb59434d13534e9f13ccae8de38f72f0798f
  • SHA512: f3848e8410fa82a497634f6888f19483cb6f65a7a16d1b85921d0d3e2e710c167b82dd27ab163cf83270a3bcc2cdeed7b6264c084c37b1a887e35c1b492f86db
  • SSDEEP: 6144:PYa6erNOk21nYN/GQT/J/gUNF8vx+SdJmdMmitT:PYIJEYN/GiJ4GF8vx3dJmdZG

Malware Config

Extracted

  • Family: formbook
  • Version: 4.1
  • Campaign: sy18
  • Decoy domains:
    mgn4.com
    gemellebeauty.com
    emj2x.top
    melissamcduffee.com
    holangman.top
    cqmksw.com
    pinax.info
    u2sr03.shop
    weighing.xyz
    jetcasinosite-official6.top
    xyz.ngo
    suandoc.xyz
    aboutwean.site
    stockprob.com
    bawdydesignz.com
    buddybooster.net
    scuderiaexotics.com
    design-de-interiores.wiki
    shipsmartstore.com
    patricklloydrunning.com

Targets

    • Target: shegro2.1.exe

    • Formbook

      Formbook is a data-stealing malware family (information stealer).

    • Formbook payload

    • Deletes itself

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks