Overview

overview

10

Static

static

3

LPO NO - 19615.exe

windows7-x64

10

LPO NO - 19615.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20241023-en
  • resource tags

    arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
  • submitted
    29-12-2024 09:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    LPO NO - 19615.exe

  • Size

    252KB

  • MD5

    bc2c939dc95ccb7c1ab6b593c5e7fc36

  • SHA1

    077fa9ad551e0f3eeab0807fdc090e1d7c8484dd

  • SHA256

    915861e0bf6cb3a567b8ce22c1ab89626d9f1ab175cd8bb4eab4d8232cc2b880

  • SHA512

    5c55ec7670fa61d314c9202a0a244c05a4e94f36c6a0ae8097b89693b5c49e2d8bf4faa1fa0dc3dd4fa721b88ac2f549735d7b38d17881217d6de5b28c0977a4

  • SSDEEP

    6144:pb3/W+HZZn3rbykHzxjjlZoXDfVh+pehqyu50+zOzR+3OfK2:pbO+5Z36kNHobj+LDLzOw3OfK

Score
10/10
formbookfn02ratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

fn02

Decoy

wkinforresearch.com

hnfsclw.com

flow2live.com

2bveruyucdxnerf2.com

art-istratova.online

day2plus.net

finovatio.com

50706.net

theabotanicalsph.com

longcovid.run

semperempoweringequity.com

consumerismbarbarica.com

rightloaddispatching.com

tansonews.com

emakz-nih.com

dbluxurycarrentals.com

streetfood-real.store

fagamotorsperu.com

consortiumwatches.com

intodialog.com

Signatures

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook
  • Formbook family
    formbook
  • Core1 .NET packer 1 IoCs

    Detects packer/loader used by .NET malware.

  • Formbook payload 1 IoCs
    rat

Processes

  • C:\Users\Admin\AppData\Local\Temp\LPO NO - 19615.exe
    "C:\Users\Admin\AppData\Local\Temp\LPO NO - 19615.exe"
    1⤵
      PID:2128

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2128-0-0x000007FEF67F3000-0x000007FEF67F4000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2128-1-0x000000013FF40000-0x000000013FF84000-memory.dmp

      Filesize

      272KB

      Download

    • memory/2128-2-0x00000000008D0000-0x000000000092C000-memory.dmp

      Filesize

      368KB

      Download

    • memory/2128-3-0x0000000002060000-0x00000000020A8000-memory.dmp

      Filesize

      288KB

      Download

    • memory/2128-4-0x000007FEF67F0000-0x000007FEF71DC000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/2128-5-0x000007FEF67F0000-0x000007FEF71DC000-memory.dmp

      Filesize

      9.9MB

      Download