General

  • Target: 08072024_1335_08072024_Ticket Receipt and Fine.zip
  • Size: 1.1MB
  • Sample: 240708-qv6f8a1fjn
  • MD5: edb120c3c7ba10757b44febda89237f3
  • SHA1: 58db4b1b48740c5ddbe85ff020232206880b62d0
  • SHA256: 9c5d13dd9e0dcca87c672e7dfaa0691e8d0d274546bef8568d29b6d1f1a5adad
  • SHA512: 26a10e1c4aeaa2c8336f139006cfe670963712075581f252e03e7d7ffa5e8fb4e8b76d3801f11e5f6a2d3b50b7e3c51d8d89aa6a57de489f685e50b745a76eb0
  • SSDEEP: 12288:ShBhMEEYeYMzQeqRgtBaJpqyYy0QtQ5z5MEkOeYMBPeqZgt9aJpIeYyeAtd:uHEYwZqoaboyPtsRkOWWq4abGydtd

Malware Config

Extracted

  • Family: formbook
  • Version: 4.1
  • Campaign: gb29
  • Decoy


Targets

    • Target: Abu Dhabi Police Offenders Publishing Images WSAbuDhabi.exe
    • Size: 1.0MB
    • MD5: 95a389d0063ee97edc061062e20ec9d9
    • SHA1: f19116d5ece54e04932772d9e795ecca91a04a26
    • SHA256: 0a026d4c3ff7d6696cbc3203e0e36549d50e2d4aefdaf05dddbcb81ab2a711a8
    • SHA512: 97588f755299139650dc76310ecb665782a3634c86523f11cadcb40f6ff05beb6fe2aa3fede3ab1a821f46e7b57fbba385a651049eaf033e90778fcfbf048162
    • SSDEEP: 12288:6tb20Qc3lT7af41ePBRYuQLKpqeUhbTv5OFgNuPPpHSgahTyGTydQgE7tkar4r+5:6tb20pkaCqT5TBWgNQ7a1eYtz4r+6A
    • Formbook: Formbook is an information-stealing malware family.
    • Formbook payload
    • Suspicious use of SetThreadContext

    • Target: Receipt-30927862-Ticket#0973726-Fines-19346383.exe
    • Size: 1.0MB
    • MD5: 95a389d0063ee97edc061062e20ec9d9
    • SHA1: f19116d5ece54e04932772d9e795ecca91a04a26
    • SHA256: 0a026d4c3ff7d6696cbc3203e0e36549d50e2d4aefdaf05dddbcb81ab2a711a8
    • SHA512: 97588f755299139650dc76310ecb665782a3634c86523f11cadcb40f6ff05beb6fe2aa3fede3ab1a821f46e7b57fbba385a651049eaf033e90778fcfbf048162
    • SSDEEP: 12288:6tb20Qc3lT7af41ePBRYuQLKpqeUhbTv5OFgNuPPpHSgahTyGTydQgE7tkar4r+5:6tb20pkaCqT5TBWgNQ7a1eYtz4r+6A
    • Formbook: Formbook is an information-stealing malware family.
    • Formbook payload
    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks