Overview

overview

10

Static

static

dhl.exe

windows7_x64

10

dhl.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    dhl.exe

  • Size

    368KB

  • Sample

    211026-p4mj2ahdh2

  • MD5

    a3148395965c93d7c7a0180970e35bbe

  • SHA1

    6cf6843a62d1ecb45f00aa1354242154aac61e79

  • SHA256

    78670e73101801526b59bf2bdead06d95cad399ff72abadfc0e00ba557643c80

  • SHA512

    da9342f3ce2ad4ba9af1e8da33886c2199b8e6d432507d2d88116605939be7b450e8ba33a6d020c74e6bf65455c8c6c82978d7ff37fe096600e86ed47f438ddd

Score
10/10
formbooku1bsratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

u1bs

C2

http://www.vgmpradio.com/u1bs/

Decoy

ln-safe-keepingmisva4.xyz

rtfh.xyz

awolin.link

metadlf.com

cardboardcasual.com

psicoterapiahablada.com

spaminator.xyz

hnjqzl.top

dentalyinovasi.site

biosynblas.com

zvyk.store

shreevishwakarmaservices.com

showersplash.com

norbert-roth.com

londoncapitaltraders.com

istanbuldonerkebabheroncity.com

realdiscountsnow.com

marlinplumbingwnc.com

magazinadziavane.com

qantv.com

Targets

    • Target

      dhl.exe

    • Size

      368KB

    • MD5

      a3148395965c93d7c7a0180970e35bbe

    • SHA1

      6cf6843a62d1ecb45f00aa1354242154aac61e79

    • SHA256

      78670e73101801526b59bf2bdead06d95cad399ff72abadfc0e00ba557643c80

    • SHA512

      da9342f3ce2ad4ba9af1e8da33886c2199b8e6d432507d2d88116605939be7b450e8ba33a6d020c74e6bf65455c8c6c82978d7ff37fe096600e86ed47f438ddd

    Score
    10/10
    formbooku1bsratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook Payload

      rat

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks