Overview

overview

10

Static

static

Payment.exe

windows7_x64

10

Payment.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Payment.rar

  • Size

    486KB

  • Sample

    210915-jfa87sdbfk

  • MD5

    48c35de47d4446a5d76ab21e96b1d58f

  • SHA1

    8c2182e3bf35d578294bbb09b09a08812459a56f

  • SHA256

    ca1e8896fedd1f7e22799e7c5ccf9f1a7898e4602890efc47285cf0cfead7b46

  • SHA512

    55e52e32a6d139b3d044b500bdd58e6bef460ddcfcd25913176728b232e41907d6a2b145f9d6a63d2958b43af54ba7ad45b4b9d136192b871e3b9aba6099e69a

Score
10/10
formbookpm7sratspywarestealersuricatatrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

pm7s

C2

http://www.rafaelcristino.com/pm7s/

Decoy

angrypeacocks.site

theindependentartlable.com

coachingforthewin.com

localbizsc.com

drive-a-supercar.com

mewsette.com

scinuh.com

gurugramaffordablehomes.com

riamedefarm.com

richfitzfashions.com

u9j1o.info

dife-rent.com

talesfromthequadrat.com

dandfmotors.com

springtexasdentist.com

gobakala.store

earlyeducationglobal.com

sdrxsb.site

dreamlifebiz.com

theurbancaveshop.com

Targets

    • Target

      Payment.exe

    • Size

      616KB

    • MD5

      933cedbe56bd04acdbbb183a0004162b

    • SHA1

      9a255a7eaa2dd334dcde3f9c8f73e8c25e3a8a65

    • SHA256

      a57534ac7570e5be7e25f1c0d9745dc549d56b193ed7b1547e61ae79485edc1c

    • SHA512

      42cce5f2e1d9a96bddd3312c7433a2620a3aef84c612501728f77fca159620ff4c69885933e7a2a15c72d7e8a44a0d2e76d41bb2ba6ccb7ec9be04d10cd72545

    Score
    10/10
    formbookpm7sratspywarestealersuricatatrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata

    • Formbook Payload

      rat

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks