General

  • Target: Ordem de Compra pdf.exe
  • Size: 817KB
  • Sample: 220217-hys2asade3
  • MD5: 2614063b54b48d8a59fc578d71170a7a
  • SHA1: ab56571bed53b64c83a4c43c3f9ee4df3d058a15
  • SHA256: dce0a6cd0dcb808bfcdd3539f85721d004f7b528832314d40149039262440349
  • SHA512: a2cd515082ce137cc8098b2d16858e5672965f36fa1fa03f0a9a52bc8471f672e628c4c8371a3d7a5bed97679ea9d06db7f42ffd9e4714ee120f86ba642dec5c

Malware Config

Extracted

  • Family: formbook
  • Version: 4.1
  • Campaign: g2m3
  • Decoy


Targets


    • Formbook

      Formbook is a data-stealing malware family (information stealer).

    • Formbook Payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

Tactic: Technique (hits, technique ID)

  • Execution: Scheduled Task (1, T1053); Command-Line Interface (1, T1059)
  • Persistence: Scheduled Task (1, T1053)
  • Privilege Escalation: Scheduled Task (1, T1053)
  • Discovery: Query Registry (1, T1012); System Information Discovery (3, T1082)
