General

  • Target

    7565e6753a23fa9393cd3a32b1f65153658a48d8a289a2571fd9285f6628ac65

  • Size

    1.0MB

  • Sample

    240707-nnfaca1cln

  • MD5

    7e65b6742284236fdd138467fad4a26b

  • SHA1

    4a98fa33b6ed4f1d79783707a44b539810973cca

  • SHA256

    7565e6753a23fa9393cd3a32b1f65153658a48d8a289a2571fd9285f6628ac65

  • SHA512

    893c639f9565836949397fc3ef20b11405313ed496d023039a5752767c1f332b3f6409d11e2e1adda99363ae6fe5f4c877717f795f706017f182265a79f8b787

  • SSDEEP

    24576:DAHnh+eWsN3skA4RV1Hom2KXMmHai5ib3XvnR3e5:Oh+ZkldoPK8Yai5knJk

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

rn94

Decoy


Targets

    • Formbook

      Formbook is data-stealing malware.

    • Formbook payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks