Overview

overview

10

Static

static

1

DHL AWB TR...LS.exe

windows7_x64

10

DHL AWB TR...LS.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    DHL AWB TRACKING DETAILS.exe

  • Size

    248KB

  • Sample

    220128-kg9ntshhgl

  • MD5

    4e358b432ba956c13627beee054d68e5

  • SHA1

    8791318da047e93f2a16cc6535eba5159228f832

  • SHA256

    836696cddebff5d522acb2c105a404ceeb635df69b3c9544b5bebcef13bc3e86

  • SHA512

    a251f2f3e4fe9b0b44b3537983b406e9eb2d5e22298129ba9548f626c3657410adf23b50d0dd69f4601d7c873056e545ca7be0d808f8f0db3f9a38609b82dcff

Score
10/10
formbooka34bratspywarestealersuricatatrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

a34b

Decoy

mesonarte.com

eksiwakun9.xyz

dustcollectionconsultant.com

heliosarchitecture.com

chinaanalysisgroup.com

nimbinhillshemp.com

ychain.biz

mountshastaart.com

monstermangoloco.com

bodhiandbear.com

rootednft.xyz

metayema.com

zw21.xyz

criccketworld.com

segurobarato.net

ananyacap.com

momo-momo.xyz

ezrealestatedeals.com

ghrde.xyz

idimol.com

Targets

    • Target

      DHL AWB TRACKING DETAILS.exe

    • Size

      248KB

    • MD5

      4e358b432ba956c13627beee054d68e5

    • SHA1

      8791318da047e93f2a16cc6535eba5159228f832

    • SHA256

      836696cddebff5d522acb2c105a404ceeb635df69b3c9544b5bebcef13bc3e86

    • SHA512

      a251f2f3e4fe9b0b44b3537983b406e9eb2d5e22298129ba9548f626c3657410adf23b50d0dd69f4601d7c873056e545ca7be0d808f8f0db3f9a38609b82dcff

    Score
    10/10
    formbooka34bratspywarestealersuricatatrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata

    • Formbook Payload

      rat

    • Deletes itself

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1
T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks