General

  • Target: 153a195c32071b454f7c49384a5450aa24a6f1e99ef880716abbdaafe26f62eb
  • Size: 706KB
  • Sample: 241014-ppkf5azelr
  • MD5: 89d76e42d926c2cec73a8042d3281305
  • SHA1: 6e39d5512c542176d28563cf6f2021be387cf92f
  • SHA256: 153a195c32071b454f7c49384a5450aa24a6f1e99ef880716abbdaafe26f62eb
  • SHA512: ce4a0bbb8162a2dde0e83d02a91ec2ec999b9a4b804941c6c3f063c3a88f350767d7c3dbddbc0ed251041616593362903a481130f289255e4c21b6e5da05c1b2
  • SSDEEP: 12288:W7QWFPlFfYcpMXcmzHBdFZqCPaQWgtEZJKB1xg6xbffv3uttuDa8M45:RWdo3HHqCPaQWgGC1HleLuu2

Malware Config

Extracted

Family: formbook

Version: 4.1

Campaign: e62s

Decoy

Targets

    • Target: SKM-P2400260589107399.exe
    • Size: 1.0MB
    • MD5: 005d8596d55e4c87271ca9bc09cc222e
    • SHA1: c61462e7f1b10b24f709e4806a12292914444d7b
    • SHA256: 210b1ec06e035d191a8ea49baee96196a97ac906c1c4f4b03e2db5d50649b36f
    • SHA512: dc2116ba121610b6c9051650d3f223eb4e952f1f914652fc501c113110d4ceac34886691c7e325e1a35ea6f96197e4af9c1c33418c8c666b8b8d16b0756f284b
    • SSDEEP: 12288:JLkcoxg7v3qnC11ErwIhh0F4qwUgUny5QNJKRmvCWxBvamXu7waBtrZDiwVf2jsX:NfmMv6Ckr7Mny5QNJx8rZXusQabckT

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks