Overview

overview

10

Static

static

3

Purchase List .exe

windows7-x64

10

Purchase List .exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Purchase List .exe

  • Size

    79KB

  • Sample

    240619-19mmrsvamh

  • MD5

    3462a1a8071d37ce9110eaea3b9cdf50

  • SHA1

    ccd57efa4c7330c0d351b62a362f8b7b06e35c92

  • SHA256

    6f61a8c2f7e89c87050811f34877179ed753ea5344115e7b059da05c3f1f2b79

  • SHA512

    4bc0636b997f78d461be2f9124e1ef83b0ea20e5af7d49b4c6aaf5fe87629aac78064c96007e4d6a8ffd288ba21c967780da365bb301d965278bcd7714272ba3

  • SSDEEP

    1536:3YTth9Ag7qBLMeHdLfK6IVoi+pQNafOC3BSmDi:3YD7qFHTIMQQmmO

Score
10/10
formbook45erratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

45er

Decoy

depotpulsa.com

k2bilbao.online

bb4uoficial.com

rwc666.club

us-pservice.cyou

tricegottreats.com

zsystems.pro

qudouyin6.com

sfumaturedamore.net

pcetyy.icu

notbokin.online

beqprod.tech

flipbuilding.com

errormitigationzoo.com

zj5u603.xyz

jezzatravel.com

zmdniavysyi.shop

quinnsteele.com

522334.com

outdoorshopping.net

Targets

    • Target

      Purchase List .exe

    • Size

      79KB

    • MD5

      3462a1a8071d37ce9110eaea3b9cdf50

    • SHA1

      ccd57efa4c7330c0d351b62a362f8b7b06e35c92

    • SHA256

      6f61a8c2f7e89c87050811f34877179ed753ea5344115e7b059da05c3f1f2b79

    • SHA512

      4bc0636b997f78d461be2f9124e1ef83b0ea20e5af7d49b4c6aaf5fe87629aac78064c96007e4d6a8ffd288ba21c967780da365bb301d965278bcd7714272ba3

    • SSDEEP

      1536:3YTth9Ag7qBLMeHdLfK6IVoi+pQNafOC3BSmDi:3YD7qFHTIMQQmmO

    Score
    10/10
    formbook45erratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook payload

      rat

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks