General

  • Target

    Invitation to Tender (ITT) - TED-DRL-2024-024 - Supply PDF.rar

  • Size

    622KB

  • Sample

    240611-nq6kbawcmq

  • MD5

    23c8d16927b30f99c51ac394dec571ec

  • SHA1

    08d920704059db6d6267dceef0f61e289d8a3418

  • SHA256

    8fcdfb3ba15c9fc6d420300a336bb51793970dff8f1556ae4e67b734f4fd5742

  • SHA512

    b64e7641beb71657eab0eccfb693da180cb4c85b9ab97c9ff32cdde621ade4a0ac669f5c55a89932811e85f518f803d901eae0725397e1390e494dc9c39b8a70

  • SSDEEP

    12288:3X3Mv9l36NjwaUPHSyaDZh0JHIYM1YX/itZSl0JWrzXtOlxClbfmT2u:XMv9AjwaU/SNZh0HqUiE0awQbyX

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    38gc

  • Decoy

    fgoz3kry51.asia
    vanishingacthairremoval.com
    onlinelearningsandbox.com
    feluca-egypt.com
    goforsourcing.com
    hairmadeperfect.com
    brockspaydayearners.com
    vintagetoj.com
    tjandthecampers.com
    emkanelajiehes.com
    bestundersinkwaterfilter.com
    proatta777.com
    satuslot.beauty
    nicolesbodybutter.com
    montecarlogallery.com
    homeautomation.one
    cx-n1.ink
    spennys.casa
    gaozgn.cfd
    hakajimai.online
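
The decoy list above is the raw output of the config extractor. As an added example (not part of this sandbox report and not Formbook's own code), the following Python builds a matcher from those domains and runs it over a few constructed DNS log lines, matching the exact name, any subdomain of it, and names with the trailing dot or mixed case that DNS telemetry often carries. The log lines and their layout (timestamp, source IP, queried name) are constructed for illustration.

```python
from __future__ import annotations

from typing import Iterable, Optional, Set

# Decoy/C2 domains copied from the extracted Formbook config on this page.
FORMBOOK_DOMAINS: Set[str] = {
    "fgoz3kry51.asia",
    "vanishingacthairremoval.com",
    "onlinelearningsandbox.com",
    "feluca-egypt.com",
    "goforsourcing.com",
    "hairmadeperfect.com",
    "brockspaydayearners.com",
    "vintagetoj.com",
    "tjandthecampers.com",
    "emkanelajiehes.com",
    "bestundersinkwaterfilter.com",
    "proatta777.com",
    "satuslot.beauty",
    "nicolesbodybutter.com",
    "montecarlogallery.com",
    "homeautomation.one",
    "cx-n1.ink",
    "spennys.casa",
    "gaozgn.cfd",
    "hakajimai.online",
}


def normalize_host(name: str) -> str:
    """Lower-case the name and strip the trailing dot DNS logs often carry ('example.com.')."""
    return name.strip().lower().rstrip(".")


def matches_ioc(host: str, iocs: Set[str] = FORMBOOK_DOMAINS) -> Optional[str]:
    """Return the matching IOC domain if `host` is it or a subdomain of it, else None."""
    h = normalize_host(host)
    while h:
        if h in iocs:
            return h
        # Walk up one label: www.spennys.casa -> spennys.casa -> casa
        h = h.partition(".")[2]
    return None


# Constructed sample log (not real telemetry): "<ts> <src_ip> <queried_name>" per line.
SAMPLE_DNS_LOG = """\
1718100001.123 10.0.0.15 www.microsoft.com
1718100002.456 10.0.0.15 www.spennys.casa.
1718100003.789 10.0.0.15 WWW.FGOZ3KRY51.ASIA
1718100004.012 10.0.0.22 cdn.example.org
1718100005.345 10.0.0.15 hakajimai.online
"""


def scan_dns_log(lines: Iterable[str]) -> list[tuple[str, str, str]]:
    """Return (src_ip, queried_name, matched_ioc) for every query that hits the list."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 3:
            continue  # skip blank or malformed lines
        _ts, src, qname = parts[:3]
        ioc = matches_ioc(qname)
        if ioc:
            hits.append((src, normalize_host(qname), ioc))
    return hits


if __name__ == "__main__":
    for src, qname, ioc in scan_dns_log(SAMPLE_DNS_LOG.splitlines()):
        print(f"{src} queried {qname} (matches IOC {ioc})")
```

Formbook configs mix one live C2 with decoy domains, and some decoys are unrelated legitimate sites, so treat a hit as a lead to correlate with the querying host (here 10.0.0.15 queries three listed domains in a row) rather than as a blocklist decision on its own.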

Targets

    • Target

      Invitation to Tender (ITT) - TED-DRL-2024-024 - Supply PDF.exe

    • Size

      656KB

    • MD5

      58683f82a5c6a4b53e5eea6e3d2df375

    • SHA1

      5781f6d4918dfb0260444dcbaf040dee3ffc0319

    • SHA256

      f1f3c884481aea76a89cfc659e509789e243226118ee103c76dafd76d73aa839

    • SHA512

      df9e89ad721ccfbb730bf82aa67d07697358910dbb401457f66e344b0c74c59ca36c12bfb6e829243fcb92a7f28c23a6aa13b24a05ccea2be55769cfaf795611

    • SSDEEP

      12288:/aCR5leZlNkbMvoHsUjsKZN5eJL/LaG2GcZO6EoLNSB2dC:i+erGMwMf8neJL/+GK3d

    • Formbook

      Formbook is an information-stealing malware (form grabber) that harvests credentials and data entered into browsers and other applications.

    • Formbook payload

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v13)

Discovery

  • Query Registry (1) - T1012

  • System Information Discovery (1) - T1082

Tasks