Overview

overview

10

Static

static

1

Shipment D...pg.exe

windows7_x64

10

Shipment D...pg.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Shipment Document BL,INV and packing list.jpg.ace

  • Size

    217KB

  • Sample

    210419-tj5nkwvvdn

  • MD5

    9261a1125bffa06bb3ae16523c46bc4b

  • SHA1

    f28b334edceb6d332263488d1ef33cca0e5ce2f6

  • SHA256

    3869ecd2689762f1d62807c50b58e83ee2f5b8a58216ae6ecb67dc8e46ef6d71

  • SHA512

    ca46d6c4fd2357b38351fba4cffe75813b52316e5919597f8300b2f05f0ec5f09ee5cf14cc076ecedf9319a10d05e55dfa701f8df7aed0ae6384ffdc561e954c

Score
10/10
formbookratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.localmarketingaiagency.com/pgr/

Decoy

rhymewitnessnews.com

z1seven.com

quaidon.com

spruiodes.com

leanderpumpkinpatch.com

starfood-eg.com

americanrestorationreport.net

myonyxfoundation.com

adcvea.com

theassociationconsultant.com

snaparama.com

ukajp.com

guarfianlife.com

e-dourouss.com

beflybmx.com

ceoesalamanca.com

myoxx.com

maxwatertreatment.com

maskelicious.com

aditridental.com

Targets

    • Target

      Shipment Document BL,INV and packing list.jpg.exe

    • Size

      231KB

    • MD5

      50456fb9b8f0806b76ffd072a5bb70f2

    • SHA1

      ec8e584acd7b5153cf50d9c338b002666e7f85d8

    • SHA256

      aca4e7d8bc5a58300b0945187c084f6c2c44418133ffb36adfb08e25d285de82

    • SHA512

      42c006d277fb4526f56523fb8fb415f7f00e66fe165cbedac2af399a9cabd01c572b76a3706daac292dc5b64e0abcfe8d6f6a5744cba5295f1abc7d3eda00fe9

    Score
    10/10
    formbookratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook Payload

      rat

    • Deletes itself

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks