Overview

overview

10

Static

static

Revised In...35.exe

windows7_x64

10

Revised In...35.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Revised Invoice No CU 7035.exe

  • Size

    469KB

  • Sample

    210408-4dqlfwgjpe

  • MD5

    a0b32e96914dfe7d50cc7a56d4939c2f

  • SHA1

    3b3033ac851d71711ea10b263cf2b398833316b7

  • SHA256

    2e10edfbe7c4a7c9220db55d3c6f921262366908277a5483ff0faf5579e194f4

  • SHA512

    ee8f0b1dfefb45ab7188b4bb60bb175a2a71ad58fa1083059f98d81a54d7ec03a63fb0ab9f1897f2d8c9224468a9230b8acb936ac82d54c743e72eab5480508a

Score
10/10
formbookratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.the-techs.info/chue/

Decoy

wowmovies.today

magentos6.com

bi-nav.com

atlantahawks.sucks

wluabjy.icu

kevableinsights.com

lavidaenaustralia.com

stonermadeapparel.net

sondein.com

cirquedusoleilartist.com

kanjitem.com

tomofalltrades.site

mecanico.guru

tech2020s.com

amesoneco.com

theawfulliar.com

californiaadugurus.com

rentalservicesolutions.com

fsxbhd.club

casino-seo.com

Targets

    • Target

      Revised Invoice No CU 7035.exe

    • Size

      469KB

    • MD5

      a0b32e96914dfe7d50cc7a56d4939c2f

    • SHA1

      3b3033ac851d71711ea10b263cf2b398833316b7

    • SHA256

      2e10edfbe7c4a7c9220db55d3c6f921262366908277a5483ff0faf5579e194f4

    • SHA512

      ee8f0b1dfefb45ab7188b4bb60bb175a2a71ad58fa1083059f98d81a54d7ec03a63fb0ab9f1897f2d8c9224468a9230b8acb936ac82d54c743e72eab5480508a

    Score
    10/10
    formbookratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook Payload

      rat

    • Nirsoft

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks