Overview

overview

10

Static

static

3

5134138e30...03.exe

windows7-x64

3

5134138e30...03.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4be4e38f02b825eebbd742b46011e7f017cae720cb6ecff58ddb58d2b0398076

  • Size

    627KB

  • Sample

    240417-satb9sdb38

  • MD5

    e3ae37576fdb07f396af90ee6b4b18ea

  • SHA1

    19b8ecd5fb40926840d2780d0214b7a3efb8f1fd

  • SHA256

    4be4e38f02b825eebbd742b46011e7f017cae720cb6ecff58ddb58d2b0398076

  • SHA512

    a0b1b1df203e8e38ce0767f663359c9c8b72c6ff29430380b4cc5855976055a10505aac1cebda086f7f610ac9350db9f0cd10c733d1f35d4ad1d3eda02845414

  • SSDEEP

    12288:QR3T6NJRkpLRmUyyXf7L+Vk8qVeykskaQ3Uu1x8FW3T/iou:QFTIJRkpLRmUyyXfuVYgPso1x8Fjou

Score
10/10
formbookwd23ratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

wd23

Decoy

aibioinnovations.com

healthscienceexperhelp.com

by5fyvjghfg.work

badmintonguide.info

workspace365.biz

us-highprint.shop

bathroomfixa.com

chilewheelsadventure.com

ztg.life

imile.fun

numerocelular.net

liganumerologov.online

nixatowing.top

taxsavvyinc.pro

premiumgifthub.com

pwbj6.site

byronwaller.store

doityourselfwealth.com

birchwoodkeyword.top

zf8egr.xyz

Targets

    • Target

      5134138e30037482cf3fee2a5c98ffb05cb45acf6e6012757f18a2f1c92a6a03.exe

    • Size

      719KB

    • MD5

      ff75187c405c0486b7d3ae5499d28772

    • SHA1

      57f793d08d93e8b5b5c9142168726ffd19ff0b0a

    • SHA256

      5134138e30037482cf3fee2a5c98ffb05cb45acf6e6012757f18a2f1c92a6a03

    • SHA512

      9a5a7ab3b07dd5453a2f7930a525f70c10809f3354a5b63541d69dbda05c6aa21af24d3d56552270dca3c89b4162b53a8338fdd6026a178688c45042b63c2978

    • SSDEEP

      12288:Gk5Vxdeh8V/SiC00YkQPvg1SL6Zt3D+wDSkdsj3K8MiRk8RXqpr:dVxd72PYkQPYwL6Zt3DrDbK3JMSlU

    Score
    10/10
    formbookwd23ratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook payload

      rat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

1
T1053

Persistence

Scheduled Task/Job

1
T1053

Privilege Escalation

Scheduled Task/Job

1
T1053

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks