General

  • Target: Payment TT S lip no 8393.rar
  • Size: 415KB
  • Sample: 211029-fwd39ahchp
  • MD5: 8d568f275ab48f18e3e75629a3ab010a
  • SHA1: b0f2e98294c678b15887606e884e88229ab3cfaa
  • SHA256: ff3e1eb7787b16b842a3c16347fccc76932f29422f50a96f639d5c8364a565c5
  • SHA512: 3646ffbfdf7eb39ad438fe0490909bca8a36fd0cb002455942fc0ae2738d0e4ee86ecf54cc9edb95d0424c64d7d772c59f336fb857c25d9cde5b7e8b6a87dfea

Malware Config

Extracted

  • Family: formbook
  • Version: 4.1
  • Campaign: r4gk
  • C2: http://www.aprilsaak.quest/r4gk/
  • Decoy:


Targets

    • Target: Payment TT S lip no 8393.exe
    • Size: 495KB
    • MD5: 209022637f55d36fa877e8c4931d2f03
    • SHA1: b77ae6847ac5c4ca53af477f321183c36675543c
    • SHA256: 7ba579db4b2485e75dbeff653199f592e4067706225975038ad011b73562c3fb
    • SHA512: 19788a7bd0083429492025739b4b087a1afb058ca1331f4ce0be2029120b709c50acd85d6da3d2909407c2e785b3e726a139c465e2bda422894e6da71be2b003

    • Formbook: Formbook is an information-stealing malware family.
    • suricata: ET MALWARE FormBook CnC Checkin (GET)
    • Formbook Payload
    • Deletes itself
    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic                Technique                     Count  ID
  Execution             Scheduled Task                1      T1053
  Persistence           Scheduled Task                1      T1053
  Privilege Escalation  Scheduled Task                1      T1053
  Discovery             System Information Discovery  1      T1082

Tasks