Overview

overview

10

Static

static

Payment.exe

windows7_x64

10

Payment.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Payment.exe

  • Size

    616KB

  • Sample

    210915-g67zrahhh5

  • MD5

    933cedbe56bd04acdbbb183a0004162b

  • SHA1

    9a255a7eaa2dd334dcde3f9c8f73e8c25e3a8a65

  • SHA256

    a57534ac7570e5be7e25f1c0d9745dc549d56b193ed7b1547e61ae79485edc1c

  • SHA512

    42cce5f2e1d9a96bddd3312c7433a2620a3aef84c612501728f77fca159620ff4c69885933e7a2a15c72d7e8a44a0d2e76d41bb2ba6ccb7ec9be04d10cd72545

Score
10/10
formbookpm7sratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

pm7s

C2

http://www.rafaelcristino.com/pm7s/

Decoy

angrypeacocks.site

theindependentartlable.com

coachingforthewin.com

localbizsc.com

drive-a-supercar.com

mewsette.com

scinuh.com

gurugramaffordablehomes.com

riamedefarm.com

richfitzfashions.com

u9j1o.info

dife-rent.com

talesfromthequadrat.com

dandfmotors.com

springtexasdentist.com

gobakala.store

earlyeducationglobal.com

sdrxsb.site

dreamlifebiz.com

theurbancaveshop.com

Targets

    • Target

      Payment.exe

    • Size

      616KB

    • MD5

      933cedbe56bd04acdbbb183a0004162b

    • SHA1

      9a255a7eaa2dd334dcde3f9c8f73e8c25e3a8a65

    • SHA256

      a57534ac7570e5be7e25f1c0d9745dc549d56b193ed7b1547e61ae79485edc1c

    • SHA512

      42cce5f2e1d9a96bddd3312c7433a2620a3aef84c612501728f77fca159620ff4c69885933e7a2a15c72d7e8a44a0d2e76d41bb2ba6ccb7ec9be04d10cd72545

    Score
    10/10
    formbookpm7sratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook Payload

      rat

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks