General

  • Target

    EJbinzx.exe

  • Size

    539KB

  • Sample

    240418-pat21scg74

  • MD5

    37e853f3f2cdaea613d1fcc317fa5795

  • SHA1

    51bfdbb26dc7c497288165e5154be9d5ca0a8e20

  • SHA256

    0eab8b2bd23f7d06734b61ba357c9fab1d97758eeb5afe2bd89fc293b88a8674

  • SHA512

    b4f2be2fe009225d160003d57cf44b8a900775943f36e93e0d7343673de041ae4a632f46a3685027ad2d081123726cdc34b3c24335054c52d204b8b746ed680e

  • SSDEEP

    12288:LEX0COq13ivCe7V+lTX9y/d0XoKRJ66+Scj5xqAjxUPy:i13iqe7VQpYK/oScT

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    pui9

  • Decoy


Targets

    • Target

      EJbinzx.exe

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook payload

    • Deletes itself

    • Suspicious use of SetThreadContext
