Overview

overview

10

Static

static

3

Request Fo...__.exe

windows7-x64

10

Request Fo...__.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7808b3979d9d45c5d260e9f771050904_JC.bin

  • Size

    531KB

  • Sample

    230901-tdehysff9x

  • MD5

    23fb10905d755b190b629f09d50e45c8

  • SHA1

    2bedf838bd63cddfd6470c5ce35bde1820c8dc20

  • SHA256

    7998814b84f210689bf322b6867119f150c8cc76439cdc3632c8e212fd91f5e9

  • SHA512

    210bf66dc2b217633f2fbbeffdd182b27bf000a3839de195fbb7ec7c855a37bd630cd953a31ec19035f022de8d84bb2e206e62d2e202caecc968e09f129dbb39

  • SSDEEP

    12288:W7C6H9bfMLYlPflOrqcDlVASxenUn/e1l39FJRpIVWYWIN37atk:W7C6H9bfM4fjcDlT4cg39FlYf1

Score
10/10
formbookgg62ratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

gg62

Decoy

refrigerators-pk.today

jajifi.fun

fivonworld.com

rangbangs.com

server-dell.com

jefevirtual.com

jobode.info

grindhardgarage.com

gaoxiba168.com

thekotturfund.com

taberla.com

santorinieshop.com

ajptqqex.click

johnjaen.com

innovantdev.com

mjofvsea2.com

yun0796.com

rokovoko.nexus

tuabogado.gratis

jqinnovation.online

Targets

    • Target

      Request For Price and Availability_PDF____.exe

    • Size

      554KB

    • MD5

      7247c2f218df48a7bd824f33f86b1760

    • SHA1

      675a63f975c572ce3c761688a8224e80bce90cd0

    • SHA256

      3c37386f3be133776e9754f751b88396a17d0030105646d373e82e8e0a79fe3c

    • SHA512

      4051997473e621298980c0a0e44548f3bd648c70ac79afb10e96ea995570f3754a600aec823abab285dd370b033f8913642316f0c87e7d97b210ee30582ea372

    • SSDEEP

      12288:8ud04ufv0zINbr57FQ6gUNYitOrlrFpIrlO+A:Rd+f3BQ6gUGVlrgr

    Score
    10/10
    formbookgg62ratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook payload

      rat

    • Blocklisted process makes network request

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks