Resubmissions

06-08-2024 12:43

240806-pxy99atbrd 10

06-08-2024 12:05

240806-n9fs1aydlr 3

General

  • Target

    RFQ_10070724.ace

  • Size

    220KB

  • Sample

    240806-pxy99atbrd

  • MD5

    81ddea3c89b81f471cdd94315102c3fa

  • SHA1

    b1e068d551ff90bd0a0bdb7020541f00fcd40478

  • SHA256

    818a8e96f410318b38e3433c741a108787ebe8bf4e9d766f3dd788b4cee23251

  • SHA512

    7ace066e6a176dd62ecf95ee5f9c166852a31c08d5009257249ddf0b6360efc84f6abf355e8667b5ae52944264e221c4fd915b874132f9089b37f9c5b5a573ca

  • SSDEEP

    3072:JPMVcGxky/2p82/NXMgDLGxByKdWdlDED9ko/7i6KJieB93UpdGQVhAIZ+g:JNGSw2ekX/DiKs5Jko/75Kl23LAI9

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

na10

Decoy

tetheus.com

ventlikeyoumeanit.com

tintbliss.com

rinabet357.com

sapphireboutiqueusa.com

abc8bet6.com

xzcn3i7jb13cqei.buzz

pinktravelsnagpur.com

bt365038.com

rtpbossujang303.shop

osthirmaker.com

thelonelyteacup.com

rlc2019.com

couverture-charpente.com

productivagc.com

defendercarcare.com

abcentixdigital.com

petco.ltd

oypivh.top

micro.guru

Targets

    • Target

      RFQ_10070724.exe

    • Size

      397KB

    • MD5

      d1e512460f6ecd4f7907b81870f9ed9a

    • SHA1

      2e91712215b031056a7425a07fd53457a5ab4803

    • SHA256

      541823134f27a10dd69e8824dc93101dd943730a8ea5f65d9b2ef1c6a643dcee

    • SHA512

      7f0c838cc93b243fc45d1ef1e779022118f6504b8f65542200acadaa18f8864a753fd5f507ca2b4c82ab266ba2b32e2fa3dbcb064201e05b4b20022c8542d55e

    • SSDEEP

      6144:n1FxxGv75a3j51E+S6bjNeksVG9tAA1tIX3NYeI8GYb5D:niD5aTEb6nzdGA1tIYeQYb5

    • Formbook

      Formbook is an information-stealing malware family: it harvests saved credentials and form input from web browsers and other applications, logs keystrokes and clipboard contents, and can take screenshots, exfiltrating to a C2 hidden among a list of decoy domains (see the extracted config above).

    • Formbook payload

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext (consistent with process hollowing: the payload is written into a suspended process and its entry point redirected before the thread is resumed)
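When triaging a report like this one, two things a practitioner usually wants are the indicators in a machine-readable form and a check that the file on disk really is the sample the report describes. The script below is an added example, not part of the sandbox report: it parses the report's key/blank/value layout (the Malware Config block and each file record) and verifies a byte string against the MD5/SHA1/SHA256/SHA512 values. The `REPORT` string is a constructed excerpt in the page's layout with values copied from above; the bytes hashed in `main` are not the real sample, so the verification there is expected to fail.

```python
import hashlib
from typing import Dict, List

# Constructed excerpt laid out like the report above (values copied from the page).
REPORT = """Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

na10

Decoy

tetheus.com

ventlikeyoumeanit.com

Targets

    • Target

      RFQ_10070724.exe

    • Size

      397KB

    • MD5

      d1e512460f6ecd4f7907b81870f9ed9a

    • SHA256

      541823134f27a10dd69e8824dc93101dd943730a8ea5f65d9b2ef1c6a643dcee
"""

FILE_KEYS = {"Target", "Size", "MD5", "SHA1", "SHA256", "SHA512", "SSDEEP"}
SCALAR_KEYS = FILE_KEYS | {"Family", "Version", "Campaign"}
LIST_KEYS = {"Decoy"}                       # multi-value field: one domain per line
SECTION_HEADERS = {"General", "Malware Config", "Extracted", "Targets"}
HASH_ALGOS = {"MD5": "md5", "SHA1": "sha1", "SHA256": "sha256", "SHA512": "sha512"}


def parse_report(text: str) -> dict:
    """Return {'config': {...}, 'files': [...]} from the report's key/blank/value layout.

    Every 'Target' line opens a new file record, so the outer archive and the
    dropped executable both come out as entries in 'files'.
    """
    config: dict = {"decoys": []}
    files: List[Dict[str, str]] = []
    key = None
    for raw in text.splitlines():
        line = raw.strip().lstrip("•").strip()      # drop indentation and bullet glyph
        if not line:
            continue
        if line in SECTION_HEADERS:
            key = None                               # a header ends any open list
            continue
        if line in SCALAR_KEYS or line in LIST_KEYS:
            key = line
            if line == "Target":
                files.append({})
            continue
        if key in LIST_KEYS:
            config["decoys"].append(line)
        elif key in FILE_KEYS and files:
            files[-1][key] = line
            key = None                               # scalar fields take one value
        elif key is not None:
            config[key.lower()] = line
            key = None
    return {"config": config, "files": files}


def verify_hashes(data: bytes, expected: Dict[str, str]) -> Dict[str, bool]:
    """Compare data against every reported digest we can recompute (SSDEEP is skipped)."""
    results = {}
    for name, algo in HASH_ALGOS.items():
        if name in expected:
            results[name] = hashlib.new(algo, data).hexdigest() == expected[name].lower()
    return results


if __name__ == "__main__":
    parsed = parse_report(REPORT)
    print("family", parsed["config"]["family"], parsed["config"]["version"],
          "campaign", parsed["config"]["campaign"],
          "decoys", len(parsed["config"]["decoys"]))
    # Constructed placeholder bytes, not the real RFQ_10070724.exe: every check fails.
    for rec in parsed["files"]:
        print(rec["Target"], verify_hashes(b"not the real sample", rec))
```

Any mismatch in `verify_hashes` means the local file is not the sample the report analysed (a different build, a re-packed copy, or the archive rather than the dropped executable), and the report's config and behaviour should not be assumed to apply to it.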

MITRE ATT&CK Enterprise v15

Tasks