General

  • Target: h8N9qpyRAPaiitu.exe
  • Size: 795KB
  • Sample: 240701-m99kmsyaqb
  • MD5: a6d026ed6d34720275d8d6fd98ad5113
  • SHA1: fb398d1e20b29f5dc346a7b84309a0e5c55ce7d7
  • SHA256: a4e1544dee96f911479934ecd89b51ead1ee008026a2468f65167e0d76cb459c
  • SHA512: 9c46f3271e02a45b63beac8e74c84fc05a987ffb53fd41fa79c1d60a1c8379d72bc1df256dc7ba9e01363e0767e616e5ee4b32c22c9efbd1ea8496eb8364f324
  • SSDEEP: 12288:9TCE8GILjWLWgAnOKU1AIcP4CVIadpBR8wZLm5cAw0sVj0b1SMp0dR:ccAOKU1AIlihPPlZLmZw2pp4

Malware Config

Extracted

  • Family: formbook
  • Version: 4.1
  • Campaign: mc10

Decoy


Targets


    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks