General

  • Target

    16e94b879efe7aa32e4223936485efb641d2d36ad0dc42970fd273ac226195e4

  • Size

    1.2MB

  • Sample

    241108-hhetqsxhlr

  • MD5

    1a4681b392f5e56640930f8f0f939d4f

  • SHA1

    f62944b78973b8aebe915dc0e67513631fa21d52

  • SHA256

    16e94b879efe7aa32e4223936485efb641d2d36ad0dc42970fd273ac226195e4

  • SHA512

    0c9346a25934b89c526f8538658602941b224056b42f147919af0b43be0b023c756df5111ac70570707627d9bea1a536f21d83f240a4cc9603a15555d04624db

  • SSDEEP

    24576:O2wagZ1riY+2ygX4FtY4px6ipHpawMlCXzp5LXbrdTqhU10J13LU:O2wagZdip2LXQtY4v6i9pawuYzf7lTY0

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

oa09

Decoy


Targets

    • Target

      7f9b8fcc527d02e66b49d76ff52297d69dbf237a8dd4342fdf3f49a2189c67d0.exe

    • Size

      2.2MB

    • MD5

      22b365e10dd635468212251994b194bf

    • SHA1

      069d6d2395ec518d0156b6d02519d3b8e896e5b5

    • SHA256

      7f9b8fcc527d02e66b49d76ff52297d69dbf237a8dd4342fdf3f49a2189c67d0

    • SHA512

      fbb27e9c38a6f351edd756b00227c42b98bf08c89c1c85e3b74462a381b61e4347972f373327f540b5744ef661ed0c1b3072b188616d5a5950478720bddefb1b

    • SSDEEP

      24576:iB26eZ4fTPkhZ2PAG0pMn6+YZ8IOxSD68Q81Zr6kNefAd/YK2HzQX9Kub+YSgrBK:Zhhj+EbjDE81R6iY7O

    • Formbook

      Formbook is data-stealing malware.

    • Formbook family

    • Formbook payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15
