formbook | 202de9e3ed067073685e9ce6fbca6a0c7a32d8f636bf533976c8b6c2b19514da

General

Target

2708-13-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
Sample

240912-k8rmbszhqg
MD5

d26ded134963472d2aab82bc2511f272
SHA1

32cab91c1a4e7446ad51961f16a1be866f563340
SHA256

202de9e3ed067073685e9ce6fbca6a0c7a32d8f636bf533976c8b6c2b19514da
SHA512

50ef9620d7112bbed3e756b5b63ebe6530d4b24f29827d427b7860286fd0de4bedda0e888a98d3d6e6c878dda28076a76bad644bb9b469e036a248604f376727
SSDEEP

3072:kxCTrFKFw6NuG2dRFgK3s8bKAk3306TIOjyChzfEscnBq2Uf:O8RRFDxKAk330POjyuDExBrw

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

m10i

Decoy

rmani.today

ifebork.xyz

randovation.net

itchen-remodeling-65686.bond

himu.world

reverie.net

9038.top

rowahome.live

obility-scooters-63189.bond

iangchunqiu.top

yhd.fun

eniorsforseniors.biz

z9zs2.shop

kkjinni.buzz

22av373vu.autos

allnyy.fun

qst.digital

rcap.info

745.top

earfulabjectshirkwashclothe.cfd

Targets

- Target
  
  2708-13-0x0000000000400000-0x000000000042F000-memory.dmp
- Size
  
  188KB
- MD5
  
  d26ded134963472d2aab82bc2511f272
- SHA1
  
  32cab91c1a4e7446ad51961f16a1be866f563340
- SHA256
  
  202de9e3ed067073685e9ce6fbca6a0c7a32d8f636bf533976c8b6c2b19514da
- SHA512
  
  50ef9620d7112bbed3e756b5b63ebe6530d4b24f29827d427b7860286fd0de4bedda0e888a98d3d6e6c878dda28076a76bad644bb9b469e036a248604f376727
- SSDEEP
  
  3072:kxCTrFKFw6NuG2dRFgK3s8bKAk3306TIOjyChzfEscnBq2Uf:O8RRFDxKAk330POjyuDExBrw
Score

3^/10

discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2