General

  • Target

    PRE ALERT NOTICE.zip

  • Size

    338KB

  • Sample

    230705-g7rn6aah26

  • MD5

    6d48a78b753680edb7e77c981fff881b

  • SHA1

    1860765eb3afb12435f753e462eedbb10654b863

  • SHA256

    98bd42ffde587cd0bdb6dde4a62f72a9d20c5caeaadd7479623666a7bfa867b6

  • SHA512

    73e47f44cf2ac0bc89b8eca40ffd8745cfba7948625758bd610d1a176f6376f81c941dfb92990f29d4fa0e0a19d295f31f97feb2c7e4d7d9298efaa91d46cefb

  • SSDEEP

    6144:dpU8PLqd3tS15mDotfLvw6gMEFG0Dxezyq+GAbgpYY3y8eBkKxM+o3VMkfM:jPLz5mMtfLtOFvkzz+GAbmbC8eAMqM

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    s28y

  • Decoy

    whytry.shop
    readyconcreto.com
    redbudvending.com
    prosblogs.com
    litescales.sbs
    campinglager.beer
    serenitysuite.health
    starbytescafe.com
    youbi.cyou
    hg301d.cfd
    nissanvideos.com
    kedou25.com
    relovedresses.com
    contourbioinc.com
    usrinfo.top
    i8ep58.cfd
    wildcatcreekhomes.com
    mpocash.mobi
    shisokj.vip
    jiangwan.top

Targets

    • Target

      PRE ALERT NOTICE.exe

    • Size

      352KB

    • MD5

      69c2be41eea373b5fd86c88464868064

    • SHA1

      af52386882ee00e91425ebce6fb409b36cd49d2c

    • SHA256

      ec9d091c881ad4da6f5e77f947c2723b1aa374fbf373931871c767dfb9cabb0e

    • SHA512

      b5fe4d6fb8276552a1c16b2ec94341e549401a71645d7ab26b53dc63e20de7201cfa28ab543459951a8f50c2049974533c82083c95c353b1e9ac4ceed41fbbc4

    • SSDEEP

      6144:vYa6cmu5R3tS1ZmDoPfLLw6gCeF00DxKzMu+GAPgnYyXy8eBkoxG+o3V6kfm:vYSz5eZmMPfLhEFBszj+GAPeLi8e+6qm

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook payload

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks