General

  • Target

    962ce6ed6729ab481d57a8cfbf65d40c_JaffaCakes118

  • Size

    288KB

  • Sample

    240814-p399psxgml

  • MD5

    962ce6ed6729ab481d57a8cfbf65d40c

  • SHA1

    28325a77879688c1c1217d6210ba3cdd660d0227

  • SHA256

    887d43981d30c6d7a65e5b281434bf3796fee6f154ff4bd2ddabad64310d9c06

  • SHA512

    5457467d1df4cbe2468a996af7fe8794e5dcc8c21ba2f28c249a1fb85eaac360611e786589bcdaff3b3f2063c4fe8417857ee9cbdc9491f5a59c18ee70720a7e

  • SSDEEP

    6144:SneM15TO1b470Tddou2vUgfBZMRbCjN6SDLqZkNje:SnO1OI00gfPMEjN6YL4Yje

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

q5e

Decoy

Targets

    • Target

      RFQ 096300.exe

    • Size

      368KB

    • MD5

      802c413ef3a40b505e5b8e2e0fc7bada

    • SHA1

      02f663db266a9151430cc3433b1497b170971769

    • SHA256

      7f4d53805b50624cb5e92857423661c3aef89e24c4ca63e79fdf62cbe2cb694c

    • SHA512

      d9e76abb4840e9d9f253c9ec710fafd69fad38c66097e9143269279ba48a668165402a46854f2052e520535299a6f410b34f0e23a4ca0ec9e398c4ff5a85a453

    • SSDEEP

      6144:F1PWgZQTC1b470TdNou2vOgfB5MRfCjN2EImHXkN:fWgD1OIQugfzMkjN2CY

    • Formbook

      Formbook is a data-stealing malware family (information stealer).

    • Formbook payload

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks