General

  • Target

    invoice Ceylan 49.600€.rar

  • Size

    332KB

  • Sample

    211015-x6t1wsbch4

  • MD5

    df1853bc557a40333123e1dcecc048d8

  • SHA1

    a808dcfb0b7cd7e1e7ed7d4256f3d4ab66bf3e27

  • SHA256

    da742afc42369db1320628ca59e4f30184b456dee53c32b1b18b6b76104a4405

  • SHA512

    6a177e985567a1862616527fd818543326cd7371da9709971c77504d9e9f3cdd0ffe253fd51d8772b778ff03ff0a045716e5e3d56e43f33c5ccf71b3415322d6

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

cl8k

C2

http://www.lightiroanwgt76.xyz/cl8k/

Decoy


Targets

    • Target

      invoice Ceylan 49.600€.exe

    • Size

      352KB

    • MD5

      74f87a533471eaa7719df1d9b0593c2a

    • SHA1

      77a20802e1e2db283ddf605a818372a72b0d8e26

    • SHA256

      851b20d33b8210f3d20ab4694011a0858eeb745e248a768c1e4c214efb59464b

    • SHA512

      a65587fa689531ff0d9da0c24ed9fb01adc986353491b6cb65773c66c7d5bf3773f8ae7c87ca4e2485da442c815722cdf5633e425693a8ace5f888744c868438

    • Formbook

      Formbook is a data-stealing malware family (information stealer).

    • Formbook Payload

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

Execution

  Scheduled Task (T1053) - 1

Persistence

  Scheduled Task (T1053) - 1

Privilege Escalation

  Scheduled Task (T1053) - 1

Discovery

  System Information Discovery (T1082) - 2

  Query Registry (T1012) - 1

Tasks