General

  • Target

    Ordem de Compra pdf.exe

  • Size

    726KB

  • Sample

    220211-h419vseaap

  • MD5

    d523d339c70d176e821a236e713a20d6

  • SHA1

    3127bd7038abe85c3f41139f7dab79fa4c849451

  • SHA256

    e9f29862ff2acf2bf4ca90262d717a32ed3236656081e6014e9b55d962707c1f

  • SHA512

    ad7e1458b985c855bfef6dd85e3899e8a311166d807919949cc5b56904acf9703501aaaad257c630887f9a4617c505d578f0ae2083fbc0e638b99f58755a5155

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

g2m3

Decoy


Targets

    • Formbook

      Formbook is a data-stealing malware family.

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

    • Formbook Payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tactic                Technique                     Count  ID
Execution             Scheduled Task                1      T1053
Persistence           Scheduled Task                1      T1053
Privilege Escalation  Scheduled Task                1      T1053
Discovery             Query Registry                1      T1012
Discovery             System Information Discovery  2      T1082