Overview

overview

10

Static

static

10

2884-125-0...ry.exe

windows7-x64

1

2884-125-0...ry.exe

windows10-2004-x64

1

Sharing

Copy URL Twitter E-mail

General

  • Target

    2884-125-0x0000000000400000-0x000000000042F000-memory.dmp

  • Size

    188KB

  • Sample

    230801-rh3egagb86

  • MD5

    ea90344d53d03af96cd48ababda02fd5

  • SHA1

    8d9666a63db920f7e92bbeacab57d25b898480e0

  • SHA256

    fb6768aecfd2b20c77603219645eae2daedff296a465c0a7b9d25eb92b5aaaf9

  • SHA512

    536297b560918ef6d7804716f7c04a082025144a90f9010ad69fecd325d413235508fb6c680b998599c26a27b12c8a7400ad9ec3f5335e98517224d8a3f1dc49

  • SSDEEP

    3072:qlpyE9Y0CUHp1IdunpGrySy++Nyy65H/1YFlgpOvy2:Ybp6QnpGrySy/NP65HW4O

Score
10/10
formbookfd62rat

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

fd62

Decoy

huishenghuo19.com

nudinjex.cfd

tp0002.com

ferdilo.com

misuzbja.cfd

kjnzieai.cfd

cheebetoops.com

kosovomentoring.com

pkxizqpubuunb.com

destinysoftworks.com

izkvdchd.cfd

soc34m.com

boundgrow.com

goushengle.com

neflredneckcustoms.com

czsygpx.xyz

hauteyardsale.com

aqpqt.top

cnnc7007.shop

openaccesplatform.com

Targets

    • Target

      2884-125-0x0000000000400000-0x000000000042F000-memory.dmp

    • Size

      188KB

    • MD5

      ea90344d53d03af96cd48ababda02fd5

    • SHA1

      8d9666a63db920f7e92bbeacab57d25b898480e0

    • SHA256

      fb6768aecfd2b20c77603219645eae2daedff296a465c0a7b9d25eb92b5aaaf9

    • SHA512

      536297b560918ef6d7804716f7c04a082025144a90f9010ad69fecd325d413235508fb6c680b998599c26a27b12c8a7400ad9ec3f5335e98517224d8a3f1dc49

    • SSDEEP

      3072:qlpyE9Y0CUHp1IdunpGrySy++Nyy65H/1YFlgpOvy2:Ybp6QnpGrySy/NP65HW4O

    Score
    1/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks