General

  • Target

    b8649ca1e287d365304829aa2aaaea9ea025d0ee451aca0de5ce81326cd90fc0

  • Size

    611KB

  • Sample

    240417-r593tseb9x

  • MD5

    37c404e5898b35dd37474ded20f559e5

  • SHA1

    8f5a0009aa13a1cfca230fcbb058507efb282b75

  • SHA256

    b8649ca1e287d365304829aa2aaaea9ea025d0ee451aca0de5ce81326cd90fc0

  • SHA512

    a449a84628fb81980d210c93eeaf299462fe46bbcfa204b6ccf7b30175c53306fc8315e177cd24371f0cf50cacdcab08d09c3b50c0344a1214703c8fc4100050

  • SSDEEP

    12288:49ywZmpkB5Esyw3+PxGT2oD72fKOrwk2dP/edx/jF55Y0r:oyIzysv+PgTTYrbuWdx7Rx

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

jk56

Decoy

Targets

    • Target

      e57a006770c082e10b1d0821fdae309f5f76b5c1f9f209a9b6edae90c13dc718.exe

    • Size

      639KB

    • MD5

      1b225b72fbc08f95e76634dc39a25b1a

    • SHA1

      8714ae6989ef49dd4563bfb6462e233739f269e7

    • SHA256

      e57a006770c082e10b1d0821fdae309f5f76b5c1f9f209a9b6edae90c13dc718

    • SHA512

      8c82e161c3474f049223c3b23f2316c99590c60ee81ecfdd43836c6e93339082ad06c5022ed4caabba0662128b3cf2c45c2296ea845c1325f2ae5b9655055d40

    • SSDEEP

      12288:609d2iNjJz/IIHF3fKqHYTK80lwcAS05JgxGOkSBnIeEvu5Ni30VTCF6DJMw5iX:9n1NJz/IIHFv9HUKt05+xsSKeEvuWuVC

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence check.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v13)

  • Execution

    Scheduled Task/Job (T1053), 1 technique

  • Persistence

    Scheduled Task/Job (T1053), 1 technique

  • Privilege Escalation

    Scheduled Task/Job (T1053), 1 technique

  • Discovery

    Query Registry (T1012), 1 technique

    System Information Discovery (T1082), 2 techniques

Tasks