Overview

overview

10

Static

static

3

wkUOj276sJEoMFq.exe

windows7-x64

10

wkUOj276sJEoMFq.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    wkUOj276sJEoMFq.exe

  • Size

    594KB

  • Sample

    240528-jhh2tsbc6s

  • MD5

    34b8885c737fa78ecc68c1bf0628f8c0

  • SHA1

    32936d1bce243a085c81147f1d569a1c20c44bb2

  • SHA256

    380c21fd37cafa3619196df7b6337783921656dbf58f1f54b63c74ad411421e0

  • SHA512

    ed336237c0f5c038a1ffd2646b38c1d4cd6f4133e2be0f645f25a9e0b844c3f8f69aa6bcde18a072cc57da434006914ded57e2779084e0244dbbf44a3f193196

  • SSDEEP

    12288:zQ3yvK/bBMqQOa/71j+zmxnHJaA8YPGTU+aJczbxLedJJ4iav2hcll0WEm:+yqBMqQOiLnoYeyqzbxuv4im2hcT0fm

Score
10/10
formbookcr12ratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

cr12

Decoy

nff1291.com

satyainfra.com

hechiceradeamores.com

jfgminimalist.com

qut68q.com

pedandmore.com

sugardefender24-usa.us

somalse.com

lotusluxecandle.com

certificadobassetpro.com

veryaroma.com

thehistoryofindia.in

33155.cc

terastudy.net

84031.vip

heilsambegegnen.com

horizon-rg.info

junongpei.website

winstons.club

henslotalt.us

Targets

    • Target

      wkUOj276sJEoMFq.exe

    • Size

      594KB

    • MD5

      34b8885c737fa78ecc68c1bf0628f8c0

    • SHA1

      32936d1bce243a085c81147f1d569a1c20c44bb2

    • SHA256

      380c21fd37cafa3619196df7b6337783921656dbf58f1f54b63c74ad411421e0

    • SHA512

      ed336237c0f5c038a1ffd2646b38c1d4cd6f4133e2be0f645f25a9e0b844c3f8f69aa6bcde18a072cc57da434006914ded57e2779084e0244dbbf44a3f193196

    • SSDEEP

      12288:zQ3yvK/bBMqQOa/71j+zmxnHJaA8YPGTU+aJczbxLedJJ4iav2hcll0WEm:+yqBMqQOiLnoYeyqzbxuv4im2hcT0fm

    Score
    10/10
    formbookcr12ratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook payload

      rat

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks