Overview

overview

10

Static

static

Invoice pdf.exe

windows7_x64

10

Invoice pdf.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Invoice pdf.7z

  • Size

    566KB

  • Sample

    210420-2qdd3h3zej

  • MD5

    eb8bef3bcdb0a68f7b8e5ed7d496b4a6

  • SHA1

    1dc1a5acebc8e846ee100ca14817e4a6a18380a3

  • SHA256

    39c3cb2bce96c98cde9bec9fff034acca99b592f0a4ebec39a6017f3554a56fa

  • SHA512

    ca26c11efdf8623d3f36ef334551a854a30fa7da5940c96d3605e7224aa76719af9d71c93b3b10c0744919a95b25610f16cbf749401dcfba7027c25bae9ee6c5

Score
10/10
formbookratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://w����5 �@q[*��S=���m

Targets

    • Target

      Invoice pdf.exe

    • Size

      661KB

    • MD5

      95ad0de0d121d51993dc0e546f82772c

    • SHA1

      e2830744f6497321e7b4c2a49d8270ea91b923c8

    • SHA256

      494b892495fb6f002fd36477446bfc59f686fe73710d55dc782de8512452e535

    • SHA512

      07b83558bd2269cdafd56ca91ddbe396b1d76cc5466fe13f2fff102ce49afedcb446b734922cd4dd6f8f9d2ac80bdcd8f9287ac11415c3c1d3f6dceaef8fe5ae

    Score
    10/10
    formbookratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook Payload

      rat

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Command-Line Interface

1
T1059

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks