Overview

overview

10

Static

static

Payment TT...93.exe

windows7_x64

10

Payment TT...93.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Payment TT S lip no 8393.exe

  • Size

    495KB

  • Sample

    211029-qxpaqaddg3

  • MD5

    209022637f55d36fa877e8c4931d2f03

  • SHA1

    b77ae6847ac5c4ca53af477f321183c36675543c

  • SHA256

    7ba579db4b2485e75dbeff653199f592e4067706225975038ad011b73562c3fb

  • SHA512

    19788a7bd0083429492025739b4b087a1afb058ca1331f4ce0be2029120b709c50acd85d6da3d2909407c2e785b3e726a139c465e2bda422894e6da71be2b003

Score
10/10
formbookr4gkratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

r4gk

C2

http://www.aprilsaak.quest/r4gk/

Decoy

quantalix.com

animalblog-eggs.com

039skz.xyz

guttas.net

lasantadayparty.com

protegerfinanceservices.com

vixtest.xyz

digitaleconomy.global

0xpax.xyz

mobilehome1688.com

themotionpartners.com

valueney.com

hattuafhv.quest

js0061gj.net

360metaverse.biz

seculardata.com

346727688.xyz

smartmapom.com

moksel.com

exoduswatchco.com

Targets

    • Target

      Payment TT S lip no 8393.exe

    • Size

      495KB

    • MD5

      209022637f55d36fa877e8c4931d2f03

    • SHA1

      b77ae6847ac5c4ca53af477f321183c36675543c

    • SHA256

      7ba579db4b2485e75dbeff653199f592e4067706225975038ad011b73562c3fb

    • SHA512

      19788a7bd0083429492025739b4b087a1afb058ca1331f4ce0be2029120b709c50acd85d6da3d2909407c2e785b3e726a139c465e2bda422894e6da71be2b003

    Score
    10/10
    formbookr4gkratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook Payload

      rat

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks