General

  • Target

    758be6348766dc3d14c8c122a7ea4967583fb76ea36a4a8ca8e9973eff7b526f

  • Size

    629KB

  • Sample

    240417-pyf53ahb21

  • MD5

    5740aa097d3c302d7aadd9cddc75f88b

  • SHA1

    9d9eca893c7457149c8637dd4604f488a717a44e

  • SHA256

    758be6348766dc3d14c8c122a7ea4967583fb76ea36a4a8ca8e9973eff7b526f

  • SHA512

    7599eaafc4c402ad45c8c7f3eabd6493c516028f3c37c9827ce4d8d36e5e0626bd3262fe76fa5c0fe842128cbaa7f481dfa5266ea59c451abb6458690e740cd0

  • SSDEEP

    12288:iqIRig4kivjcpl1MB0PQel9Xnyu0VIt+vou7YaCN+yv:iqzkivjY8Bnel9Xyu0ZwuQ0e

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    fs83

  • Decoy


Targets

    • Target

      8ab205dc4d6f7c232cf9e2047a6abf4b2bb6425258cefeaf9b05e922c8229c6a.exe

    • Size

      672KB

    • MD5

      efc1aecb2febb98362434f147e63d852

    • SHA1

      924abf59555a3b57e0a48f5ffb63732ac6969045

    • SHA256

      8ab205dc4d6f7c232cf9e2047a6abf4b2bb6425258cefeaf9b05e922c8229c6a

    • SHA512

      edb6f959093546fcf4b4379d3110c829dc620914cd0680d6166b053520e012fe54833218afd76c3f28eb119c551c650f3251b03af48b244c5116069d73338c37

    • SSDEEP

      12288:gtNR4EoOBKMNHlg5yjFqYG6W0KDyMBu34T9NwdooIqVN5hxhwaJX6gtnSHjP:CoOBrBltZSqtAu34THgamuwX3ajP

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook payload

    • Checks computer location settings

      Looks up the country code configured in the registry; likely a geofence check.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v13)

Discovery

  • Query Registry (T1012): 1

  • System Information Discovery (T1082): 2

Tasks