Overview

overview

10

Static

static

3

0c3c3c868a...a1.exe

windows7-x64

10

0c3c3c868a...a1.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0c3c3c868a9ee2d1c6c14f9fafd757a1.exe

  • Size

    946KB

  • Sample

    231231-p2xxzsecf8

  • MD5

    0c3c3c868a9ee2d1c6c14f9fafd757a1

  • SHA1

    816b112e6027f9d1caec76f78231bd24f6185094

  • SHA256

    df6ade5c4e7c4f0e82aca32d744b6f8762d2dd82a98b7bda97e42748d488a661

  • SHA512

    e71f53fa6a4b2d0c36b7b9d110988e47c11bee51ed33dfbcb1368adc34f10a8e17112cd286f88da637075dc37e1946151edbebb20012dedbb2487e6f18848f2c

  • SSDEEP

    24576:B2wFJMNjRquEyu6nXj4UCmPUUcQfbhvj5CxRT:UwFehkuEGnTVJs9qJ

Score
10/10
formbookvd9nratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

vd9n

Decoy

theunwrappedcollective.com

seckj-ic.com

tyresandover.com

thetrophyworld.com

fonggrconstruction.com

hopiproject.com

sktitle.com

charlotteobscurer.com

qjuhe.com

girlzglitter.com

createmylawn.com

hempcbgpill.com

zzdfdzkj.com

shreehariessential.com

226sm.com

getcupscall.com

neuralviolin.com

sanskaar.life

xn--fhqrm54yyukopc.com

togetherx4fantasy5star.today

Targets

    • Target

      0c3c3c868a9ee2d1c6c14f9fafd757a1.exe

    • Size

      946KB

    • MD5

      0c3c3c868a9ee2d1c6c14f9fafd757a1

    • SHA1

      816b112e6027f9d1caec76f78231bd24f6185094

    • SHA256

      df6ade5c4e7c4f0e82aca32d744b6f8762d2dd82a98b7bda97e42748d488a661

    • SHA512

      e71f53fa6a4b2d0c36b7b9d110988e47c11bee51ed33dfbcb1368adc34f10a8e17112cd286f88da637075dc37e1946151edbebb20012dedbb2487e6f18848f2c

    • SSDEEP

      24576:B2wFJMNjRquEyu6nXj4UCmPUUcQfbhvj5CxRT:UwFehkuEGnTVJs9qJ

    Score
    10/10
    formbookvd9nratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook payload

      rat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

1
T1053

Persistence

Scheduled Task/Job

1
T1053

Privilege Escalation

Scheduled Task/Job

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks