General

  • Target

    82df9d1ee9b303d453a7ea91d5f574e2.bin

  • Size

    523KB

  • Sample

    240425-b7efyadc5y

  • MD5

    0a67d6aac27d657bb43151bee5ff487d

  • SHA1

    5c09734bda5b822f16c903ef90a0571de485690c

  • SHA256

    b09907806726122d410e726d60702ff11439231957a66f78681cad9bd52b87cd

  • SHA512

    e34626b19ca52e1b54a9f63d0238e8be6f0751a886a71cdb9633154057560a190adecfa45dc207fb06e48516764c8d902272b19b910e127fdc51ac08688b7b80

  • SSDEEP

    12288:qqcY/aCOGOvukn02qpluZrlCR1DmxhEzqxlHN03SbX:bcY/lOm005KRgKhEm/G0X

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ij84

Decoy

resetter.xyz

simonbelanger.me

kwip.xyz

7dbb9.baby

notion-everyday.com

saftiwall.com

pulse-gaming.com

fafafa1.shop

ihaveahole.com

sxtzzj.com

996688x.xyz

komalili.monster

haberdashere.store

nurselifegng.com

kidtryz.com

ghvx.xyz

1minvideopro.com

hidef.group

stylishbeststyler.space

spx21.com
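The domains above are the full Formbook config for this campaign: the real C2 host is in there alongside the decoys, and the bot beacons to all of them to hide which one matters, so a single DNS hit on one of these names is weak evidence (several decoys are ordinary registered sites) while a cluster of hits from one host is strong. The script below, an added example and not part of the sandbox report, hunts for that cluster in DNS logs. The domain set is copied from the extracted config; the log format, the host names and the threshold of three distinct config domains in ten minutes are constructed assumptions for the example.

```python
from __future__ import annotations

from collections import defaultdict
from datetime import datetime, timedelta

# Decoy/C2 domains copied verbatim from the extracted Formbook 4.1 config (campaign ij84).
FORMBOOK_IJ84_DOMAINS = {
    "resetter.xyz", "simonbelanger.me", "kwip.xyz", "7dbb9.baby",
    "notion-everyday.com", "saftiwall.com", "pulse-gaming.com", "fafafa1.shop",
    "ihaveahole.com", "sxtzzj.com", "996688x.xyz", "komalili.monster",
    "haberdashere.store", "nurselifegng.com", "kidtryz.com", "ghvx.xyz",
    "1minvideopro.com", "hidef.group", "stylishbeststyler.space", "spx21.com",
}


def matches_config_domain(qname: str, domains=FORMBOOK_IJ84_DOMAINS) -> str | None:
    """Return the config domain that `qname` equals or is a subdomain of, else None."""
    name = qname.rstrip(".").lower()
    for d in domains:
        if name == d or name.endswith("." + d):
            return d
    return None


def parse_dns_line(line: str) -> tuple[datetime, str, str]:
    # Constructed log format (an assumption): "<ISO timestamp> <client host> <queried name>".
    ts, host, qname = line.split()
    return datetime.fromisoformat(ts), host, qname


def find_beaconing_hosts(lines, threshold: int = 3, window: timedelta = timedelta(minutes=10)):
    """Return {host: [config domains]} for hosts that queried at least `threshold`
    distinct config domains within any `window`-long period."""
    hits = defaultdict(list)  # host -> [(timestamp, matched config domain)]
    for line in lines:
        ts, host, qname = parse_dns_line(line)
        domain = matches_config_domain(qname)
        if domain:
            hits[host].append((ts, domain))

    flagged = {}
    for host, events in hits.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            # Distinct config domains seen in the window opening at this event.
            seen = {d for ts, d in events[i:] if ts - start <= window}
            if len(seen) >= threshold:
                flagged[host] = sorted(seen)
                break
    return flagged


# Constructed DNS log: ws-17 shows the Formbook beacon fan-out, ws-22 only two
# unrelated-looking lookups hours apart (a plausible false-positive case).
SAMPLE_DNS_LOG = """\
2024-04-25T10:00:01 ws-17 www.ihaveahole.com
2024-04-25T10:00:05 ws-17 kwip.xyz
2024-04-25T10:00:09 ws-17 www.notion-everyday.com
2024-04-25T10:00:12 ws-17 office.microsoft.com
2024-04-25T10:03:40 ws-22 pulse-gaming.com
2024-04-25T12:30:00 ws-22 spx21.com
"""

if __name__ == "__main__":
    for host, domains in find_beaconing_hosts(SAMPLE_DNS_LOG.splitlines()).items():
        print(f"{host}: contacted {len(domains)} Formbook config domains: {', '.join(domains)}")
```

Only `ws-17` is flagged. The window-based correlation is the point: Formbook's decoy trick means the individual domains are poor block-list entries, but no benign host resolves several of them within minutes.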

Targets

    • Target

      61e2a9db8f357380b18ba1017f2ae52d656d2c5f4de8851e244566b8c986d88a.exe

    • Size

      789KB

    • MD5

      82df9d1ee9b303d453a7ea91d5f574e2

    • SHA1

      4b121f046e002ac5e2fbeec21079f6fd4c55d370

    • SHA256

      61e2a9db8f357380b18ba1017f2ae52d656d2c5f4de8851e244566b8c986d88a

    • SHA512

      d685fcd4d408f7421d9546ad82435b555563fddd698e3fc5499204935b0556f7bbf2156c1a60f49cdbdee2a289d122405992cfd0b63a1d59b05b4b545471270c

    • SSDEEP

      12288:2uOpmBwGXjdX32ogZ+g/yHgtK+CVIN5X9yKBg7vjlRziln:ZOpmB3XZnMZ4goi39yKe/DA

    • Formbook

      Formbook is an information-stealing malware family: it captures form data, credentials and keystrokes from browsers and other applications on the infected host and exfiltrates them to its C2.

    • Formbook payload

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check to avoid running in certain regions.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
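The "Drops startup file" and "Executes dropped EXE" behaviours together are the persistence chain worth hunting for on endpoints: a file written into a Startup folder by one process, later started as its own process. The correlation below is an added example written for this page, not code from the sandbox or from the report; the Sysmon-style events (Event ID 11 FileCreate, Event ID 1 ProcessCreate, rendered as JSON lines), the host names and the file names are constructed and are not telemetry from this sample.

```python
from __future__ import annotations

import json

# Both the per-user and the all-users Startup folders end in this path fragment.
STARTUP_MARKER = "\\start menu\\programs\\startup\\"


def is_startup_path(path: str) -> bool:
    """True if `path` lies inside a Windows Startup folder (case-insensitive)."""
    return STARTUP_MARKER in path.lower()


def parse_events(text: str) -> list[dict]:
    """Parse JSON-lines Sysmon-style events, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def correlate_startup_drops(events: list[dict]) -> list[dict]:
    """Pair each FileCreate into a Startup folder with a later ProcessCreate of
    that same file on the same host; each pair is one persistence finding."""
    dropped: dict[tuple[str, str], str] = {}  # (host, lower path) -> dropper image
    findings = []
    for ev in events:
        host = ev["Host"]
        if ev["EventID"] == 11 and is_startup_path(ev["TargetFilename"]):
            dropped[(host, ev["TargetFilename"].lower())] = ev["Image"]
        elif ev["EventID"] == 1:
            key = (host, ev["Image"].lower())
            if key in dropped:
                findings.append({
                    "host": host,
                    "dropper": dropped[key],
                    "startup_file": ev["Image"],
                    "parent": ev.get("ParentImage"),
                })
    return findings


# Constructed events (assumption: simplified Sysmon fields, one JSON object per line).
# ws-17: a downloaded executable writes a Startup-folder EXE that explorer later launches.
# ws-22: an installer drops a .lnk in the all-users Startup folder; nothing executes it here.
SAMPLE_EVENTS = r"""
{"EventID": 11, "Host": "ws-17", "Image": "C:\\Users\\bob\\Downloads\\invoice.exe", "TargetFilename": "C:\\Users\\bob\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\svchosts.exe"}
{"EventID": 1, "Host": "ws-17", "Image": "C:\\Windows\\System32\\notepad.exe", "ParentImage": "C:\\Windows\\explorer.exe"}
{"EventID": 11, "Host": "ws-22", "Image": "C:\\Program Files\\Vendor\\setup.exe", "TargetFilename": "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\StartUp\\Vendor Tray.lnk"}
{"EventID": 1, "Host": "ws-17", "Image": "C:\\Users\\bob\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\svchosts.exe", "ParentImage": "C:\\Windows\\explorer.exe"}
"""

if __name__ == "__main__":
    for f in correlate_startup_drops(parse_events(SAMPLE_EVENTS)):
        print(f"{f['host']}: {f['dropper']} dropped {f['startup_file']}, later run by {f['parent']}")
```

The Startup folder is only one of the places the dropper could have used; the same two-event join works for Run-key values (Sysmon Event ID 13) if the registry value data is treated as the path to watch. A `.lnk` in Startup, as on `ws-22`, never appears as a ProcessCreate image, so resolving shortcut targets is the obvious next refinement.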

MITRE ATT&CK Matrix (ATT&CK v13)

Discovery

    • Query Registry (T1012): 1 signature

    • System Information Discovery (T1082): 2 signatures

    • Remote System Discovery (T1018): 1 signature

Tasks