General

  • Target

    57ec8609c4c4bdc9c6249a30ba59b489.exe

  • Size

    575KB

  • Sample

    240112-qlm9aaggan

  • MD5

    57ec8609c4c4bdc9c6249a30ba59b489

  • SHA1

    437cfeb671c04f5393cf0732bf602d3fae226501

  • SHA256

    861f5ebaad65712e0c699fe6fad2f63cca3f35759ed92f44db0d6d089889d209

  • SHA512

    860496bfa148c6c69416797ceacb2085f317833474d8a018b66da142f4ca167096b5c9f7988b99159236d0325d1435db3b515d7a84ea3f13cc548ad968ee1e58

  • SSDEEP

    12288:rt7mabxvMpkqMULiBlw6xIZJNSWer9HtiHusQpwc962vpX:R6KxvMKqMMip2J8jiHuso6

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

he09

Decoy

clhear.com

maythunguyen.com

xiongmaoaijia.com

kembangzadsloh.xyz

speedwagner.com

360bedroom.com

campereurorg.top

cwxg2.site

mcdlibre.live

globigprimecompanylimited.com

1707102023-stripe.com

xhfj5.site

mugiwaranousopp.xyz

texmasco.com

sc9999.net

lite.team

8xb898.com

cibecuetowing.top

mgplatinemlak.xyz

southwestharborkeyword.top
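The hashes in the General section and the decoy domain list above are the report's concrete indicators. The following Python is an added example, not code from the sandbox report or from the Formbook authors: it turns those indicators into a small matcher that hashes a file and compares it against the listed MD5/SHA1/SHA256/SHA512 values, and scans DNS query log lines for lookups of any decoy domain or a subdomain of one. The dnsmasq-style log lines and the client addresses are constructed for the example; the SSDEEP value is left out because fuzzy-hash comparison needs the external ssdeep library.

```python
"""IOC matcher built from the Formbook report above (added example)."""
import hashlib
import re

# Hash values copied from the report's General section.
REPORT_HASHES = {
    "md5": "57ec8609c4c4bdc9c6249a30ba59b489",
    "sha1": "437cfeb671c04f5393cf0732bf602d3fae226501",
    "sha256": "861f5ebaad65712e0c699fe6fad2f63cca3f35759ed92f44db0d6d089889d209",
    "sha512": "860496bfa148c6c69416797ceacb2085f317833474d8a018b66da142f4ca1670"
              "96b5c9f7988b99159236d0325d1435db3b515d7a84ea3f13cc548ad968ee1e58",
}

# Decoy domains from the extracted config (campaign he09).
DECOY_DOMAINS = frozenset({
    "clhear.com", "maythunguyen.com", "xiongmaoaijia.com", "kembangzadsloh.xyz",
    "speedwagner.com", "360bedroom.com", "campereurorg.top", "cwxg2.site",
    "mcdlibre.live", "globigprimecompanylimited.com", "1707102023-stripe.com",
    "xhfj5.site", "mugiwaranousopp.xyz", "texmasco.com", "sc9999.net",
    "lite.team", "8xb898.com", "cibecuetowing.top", "mgplatinemlak.xyz",
    "southwestharborkeyword.top",
})


def bytes_hashes(data):
    """Hex digests of data for every algorithm the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def file_hashes(path):
    """Stream a file through all four digests at once (one read pass)."""
    digests = {name: hashlib.new(name) for name in REPORT_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for d in digests.values():
                d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def match_hashes(hashes):
    """Names of the algorithms whose digest equals the report's value."""
    return {n for n, v in hashes.items() if REPORT_HASHES.get(n) == v.lower()}


def domain_matches(qname):
    """Return the decoy domain that qname equals or sits under, else None.

    Only suffix matches on label boundaries count, so 'www.clhear.com'
    matches but 'notclhear.com' and 'clhear.com.evil.org' do not.
    """
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in DECOY_DOMAINS:
            return candidate
    return None


# Constructed dnsmasq-style query log lines (hypothetical hosts and clients).
DNS_LOG_SAMPLE = """\
Jan 12 10:03:11 dnsmasq[1234]: query[A] www.clhear.com from 10.0.0.23
Jan 12 10:03:11 dnsmasq[1234]: reply www.clhear.com is 203.0.113.10
Jan 12 10:03:12 dnsmasq[1234]: query[A] www.example.com from 10.0.0.23
Jan 12 10:03:40 dnsmasq[1234]: query[A] cwxg2.site from 10.0.0.45
Jan 12 10:04:02 dnsmasq[1234]: query[AAAA] mail.lite.team from 10.0.0.23
Jan 12 10:04:05 dnsmasq[1234]: query[A] clhear.com.evil.org from 10.0.0.99
"""

QUERY_RE = re.compile(r"query\[(?P<type>[A-Z]+)\] (?P<qname>\S+) from (?P<client>\S+)")


def scan_dns_log(lines):
    """Yield (client, queried name, matched decoy) for each hit in the log."""
    hits = []
    for line in lines:
        m = QUERY_RE.search(line)
        if not m:
            continue  # replies, cache lines, etc. carry no new lookup
        decoy = domain_matches(m["qname"])
        if decoy:
            hits.append((m["client"], m["qname"], decoy))
    return hits


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        print(path, match_hashes(file_hashes(path)) or "no hash match")
    for hit in scan_dns_log(DNS_LOG_SAMPLE.splitlines()):
        print("decoy lookup:", hit)
```

Run with file paths as arguments to check samples against the report's hashes; the DNS scan runs over the constructed lines. A lookup of one of these domains from a host is a strong indicator that it ran a Formbook build of this campaign, but since the config mixes its live C2 into a list of decoys, a single hit does not tell you which server actually received stolen data.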

Targets

    • Target

      57ec8609c4c4bdc9c6249a30ba59b489.exe

    • Size

      575KB

    • MD5

      57ec8609c4c4bdc9c6249a30ba59b489

    • SHA1

      437cfeb671c04f5393cf0732bf602d3fae226501

    • SHA256

      861f5ebaad65712e0c699fe6fad2f63cca3f35759ed92f44db0d6d089889d209

    • SHA512

      860496bfa148c6c69416797ceacb2085f317833474d8a018b66da142f4ca167096b5c9f7988b99159236d0325d1435db3b515d7a84ea3f13cc548ad968ee1e58

    • SSDEEP

      12288:rt7mabxvMpkqMULiBlw6xIZJNSWer9HtiHusQpwc962vpX:R6KxvMKqMMip2J8jiHuso6

    • Formbook

      Formbook is an information-stealing malware family: it hooks browsers and other applications to capture submitted form data and credentials, logs keystrokes, grabs clipboard contents and screenshots, and can download and run additional payloads on command from its C2.

    • Formbook payload

    • Suspicious use of SetThreadContext (rewriting another thread's context is the step typical of process hollowing, where the payload is run inside a legitimate host process)
