Overview

overview

10

Static

static

3

f1f3c88448...39.exe

windows10-1703-x64

10

f1f3c88448...39.exe

windows10-2004-x64

10

f1f3c88448...39.exe

windows11-21h2-x64

10

Resubmissions

20-06-2024 08:53

240620-ktnxwstajj 10

12-06-2024 02:32

240612-c1j9aaygnn 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f1f3c884481aea76a89cfc659e509789e243226118ee103c76dafd76d73aa839.exe

  • Size

    656KB

  • Sample

    240620-ktnxwstajj

  • MD5

    58683f82a5c6a4b53e5eea6e3d2df375

  • SHA1

    5781f6d4918dfb0260444dcbaf040dee3ffc0319

  • SHA256

    f1f3c884481aea76a89cfc659e509789e243226118ee103c76dafd76d73aa839

  • SHA512

    df9e89ad721ccfbb730bf82aa67d07697358910dbb401457f66e344b0c74c59ca36c12bfb6e829243fcb92a7f28c23a6aa13b24a05ccea2be55769cfaf795611

  • SSDEEP

    12288:/aCR5leZlNkbMvoHsUjsKZN5eJL/LaG2GcZO6EoLNSB2dC:i+erGMwMf8neJL/+GK3d

Score
10/10
formbook38gcratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

38gc

Decoy

fgoz3kry51.asia

vanishingacthairremoval.com

onlinelearningsandbox.com

feluca-egypt.com

goforsourcing.com

hairmadeperfect.com

brockspaydayearners.com

vintagetoj.com

tjandthecampers.com

emkanelajiehes.com

bestundersinkwaterfilter.com

proatta777.com

satuslot.beauty

nicolesbodybutter.com

montecarlogallery.com

homeautomation.one

cx-n1.ink

spennys.casa

gaozgn.cfd

hakajimai.online

Targets

    • Target

      f1f3c884481aea76a89cfc659e509789e243226118ee103c76dafd76d73aa839.exe

    • Size

      656KB

    • MD5

      58683f82a5c6a4b53e5eea6e3d2df375

    • SHA1

      5781f6d4918dfb0260444dcbaf040dee3ffc0319

    • SHA256

      f1f3c884481aea76a89cfc659e509789e243226118ee103c76dafd76d73aa839

    • SHA512

      df9e89ad721ccfbb730bf82aa67d07697358910dbb401457f66e344b0c74c59ca36c12bfb6e829243fcb92a7f28c23a6aa13b24a05ccea2be55769cfaf795611

    • SSDEEP

      12288:/aCR5leZlNkbMvoHsUjsKZN5eJL/LaG2GcZO6EoLNSB2dC:i+erGMwMf8neJL/+GK3d

    Score
    10/10
    formbook38gcratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook payload

      rat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2behavioral3

MITRE ATT&CK Matrix

Tasks