Overview

overview

10

Static

static

1

item order_22.exe

windows7_x64

10

item order_22.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    item order_22.zip

  • Size

    243KB

  • Sample

    211023-bqwznaefh7

  • MD5

    cdd716a7d11a1998d9085d708c115209

  • SHA1

    9b45b91d8ab5e576db3742470de4c5c5bfabd061

  • SHA256

    f1c25e54b1dbb0f33aa28eba1f2247183f023d9a935bebea90701e6ce1f8e06b

  • SHA512

    d9bc1bd82b793f0de06e348a27f9d2bda7e832ba9567e08706fce3c9c96805afc220f836d87fa5889381105444013032c8c6c4872a346929f0ca66eb6194132e

Score
10/10
formbookct6sratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ct6s

C2

http://www.metalzj.quest/ct6s/

Decoy

liaquatsibtian.com

erisa.cymru

theultimateone.world

petpartner.info

edison-press.com

ryanmurazik.icu

bukasystems.com

kitsusimplex.com

qatarstyleart.com

brkhot.top

paehdfdtrujdfhs.xyz

createdbybonk.com

kuihoon.com

deathtocustomerservice.com

iotimb.com

greendiamond.pw

millionaireproducers.academy

websitemolsa.com

cbshomeimprovement.com

eardunder.quest

Targets

    • Target

      item order_22.exe

    • Size

      256KB

    • MD5

      4fa029281ae0d527998bbe733a37421d

    • SHA1

      50cbaa32695f0e8e8c36a3e0a28aa9baccad1319

    • SHA256

      951b3801c77479718c09691a55c7bb46dc968965bd263ede0afc9ddd6562374c

    • SHA512

      3e9f5900d3ae1f3f618af9319c1791eda6cba11684b663fcfe84b54e9ec293e17376601a60387ba82f58e6d17a0c68de4294659aa7ae6e04b7501f9098e28570

    Score
    10/10
    formbookct6sratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook Payload

      rat

    • Deletes itself

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks