Overview

overview

10

Static

static

3

359834dcc2...51.exe

windows7-x64

10

359834dcc2...51.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    927a724573affe7c087e4de249e116bd55771dca3ba795cc8770524764eb22f7

  • Size

    617KB

  • Sample

    240417-sagcpsdb22

  • MD5

    1af1b9f8d156a72228e971b1fe57d1db

  • SHA1

    6b0de582102e6bf3d8c732b251c84937b5a6862b

  • SHA256

    927a724573affe7c087e4de249e116bd55771dca3ba795cc8770524764eb22f7

  • SHA512

    ecc4c6239c94ea2836dcf466f0fe36bbb62ce9a298bd38c6c819ce9511c6ef0f7e01b472c7bfc49e5db5b735771ed36099eea95310197cc36d453ec02dd466d4

  • SSDEEP

    12288:U5Xhx8ZKCNdSh2oO2Os1NjXnRwzd9R4N7qTCZjQzdjGKvJjR:U5Xhx81RoOu1NjGp9G78djGKf

Score
10/10
formbookwd23ratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

wd23

Decoy

aibioinnovations.com

healthscienceexperhelp.com

by5fyvjghfg.work

badmintonguide.info

workspace365.biz

us-highprint.shop

bathroomfixa.com

chilewheelsadventure.com

ztg.life

imile.fun

numerocelular.net

liganumerologov.online

nixatowing.top

taxsavvyinc.pro

premiumgifthub.com

pwbj6.site

byronwaller.store

doityourselfwealth.com

birchwoodkeyword.top

zf8egr.xyz

Targets

    • Target

      359834dcc2af3dcbdccb1c13f186c74179a998fe02cbc02afce017c69f717351.exe

    • Size

      694KB

    • MD5

      d1590c9f8838d546a8bb573d0269c224

    • SHA1

      7fddd16d3c7b8aa66605b47f52db8f3e4544112b

    • SHA256

      359834dcc2af3dcbdccb1c13f186c74179a998fe02cbc02afce017c69f717351

    • SHA512

      3591ea67c0d80673794a338649b5575aa16f4e8984793b73d4ce1db40b4e2a740a7409868a9414f88251f17c7774e0f772bea2dbd57517be6a1cfcff9c25e203

    • SSDEEP

      12288:S3jOfbOdeh8V/J2xJXU8fmFKGv1K/XWFhTeKbrI37RQpMdooxl:gd7T2XzuKc1EmFjb03lQudoQ

    Score
    10/10
    formbookwd23ratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook payload

      rat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

1
T1053

Persistence

Scheduled Task/Job

1
T1053

Privilege Escalation

Scheduled Task/Job

1
T1053

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks