General

  • Target

    745e7e7c01b915e1144c07c73b32f91d04f17d303623876f9ca421759b415f7c

  • Size

    1.1MB

  • Sample

    250131-kxlxpstkgq

  • MD5

    4a496b83cded5e7b30778d0fc15535d1

  • SHA1

    666c00701e5276e070a7fef8e0ac1513ee0fd4c9

  • SHA256

    745e7e7c01b915e1144c07c73b32f91d04f17d303623876f9ca421759b415f7c

  • SHA512

    b7d14846b60afaf9f155117ee79f19d83103750d310f6a7746846cab45966291ac7148f16942d29220d793a77465800554babaa0ef5f56c3bda437215ca9191c

  • SSDEEP

    24576:wawVWY/IGnM0lcGpDHZ/GHSjbgdr7/MoLiaPD4BQ5pdCHad9U:BYwt0lrwyjbgd3Uoua7wQnRnU

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    i62s

  • Decoy


Targets

    • Target

      Payment 013125.exe

    • Size

      1.1MB

    • MD5

      1f25b0932adb4f999664456718bd2705

    • SHA1

      65b93e7c15c644f81784b38f68e832ef09f39a3a

    • SHA256

      cdb3229e64d90c75e9205357001b037333e36ecf141098dab1971d82cfa238ee

    • SHA512

      1aa055a35277b77db20b87c604eea433ad78fe2f3ffd1199e9ab89788cea6f53e39219d227536787c14ff268c500e43fb393e623c04c7c7e520a80adc0ab595d

    • SSDEEP

      24576:lPV8K/0GHMcdgApDHFJGHSjbsZrnhuoBiq1D4Bu5JdQLaP:4KMPcdfOyjbsZ7cosqxwuPN

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook family

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Formbook payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks