Overview

overview

10

Static

static

Payment _S...py.exe

windows7_x64

10

Payment _S...py.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Payment _Slip copy.exe

  • Size

    559KB

  • Sample

    210408-w1679n4xbs

  • MD5

    f225bd6e1facbe754c48a861d5aa0735

  • SHA1

    388e899a7145a06d0ce012ef4c3590840853082d

  • SHA256

    ca146513d9ec6ec60b81b20fd9aa2f262c54d447e8361417c3c4b7678e51e6a5

  • SHA512

    47856347420f8e955d4fadf4c33d1c32b97d1e92c3c57f353ad9c479bdba0ec57540e7eaccebe7a3130b747f181aa6815433ef4fe812b8dcc7027dda637e130b

Score
10/10
formbookratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.discorddeno.land/suod/

Decoy

casirivimab.info

johnvogia.com

lzdafang.com

tarihmarketi.com

singalongpress.com

three60farms.com

websky.pro

jacketsmecca.com

magentos6.com

brooksideseniorapts.com

onewhistleandflags.com

naturopathe-valdoise-france.com

reflexmem.com

kurumsalpanel.com

bhuwarecruitment.com

exponentialhealth.online

posttensionrepairs.com

prbrokerllc.com

aashealthcarestaffing.com

pubgeventcenter.com

Targets

    • Target

      Payment _Slip copy.exe

    • Size

      559KB

    • MD5

      f225bd6e1facbe754c48a861d5aa0735

    • SHA1

      388e899a7145a06d0ce012ef4c3590840853082d

    • SHA256

      ca146513d9ec6ec60b81b20fd9aa2f262c54d447e8361417c3c4b7678e51e6a5

    • SHA512

      47856347420f8e955d4fadf4c33d1c32b97d1e92c3c57f353ad9c479bdba0ec57540e7eaccebe7a3130b747f181aa6815433ef4fe812b8dcc7027dda637e130b

    Score
    10/10
    formbookratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook Payload

      rat

    • Nirsoft

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2
T1082

Query Registry

1
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks