General

  • Target

    yeni sipariş pdf.exe

  • Size

    770KB

  • Sample

    220225-fcvlwsefh9

  • MD5

    26b94b8cf43e9b091e3202ee396faa33

  • SHA1

    a985b7b7f68f86c35f429d1d57416d8de04c6a4b

  • SHA256

    38b3959cf30fce3b03c31286231db4d220427e31af7e3d7458792cdb3e8b895d

  • SHA512

    a2390e0dcf816dd2ae33081922ce153602461b8b97114084aa1fcbcee267e546af96be4ca72d84efbc6c849b31d768a8126ccb8f6545e8c6682651569259079a

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    g2m3

  • Decoy

    stocktonfingerprinting.com
    metaaiqr.com
    junicy.com
    libertymutualgrou.com
    jklhs7gl.xyz
    alex-covalcova.space
    socialfiguild.com
    drnicholasreid.com
    androidappprogrammierie.com
    relatingtohumans.com
    jitsystems.com
    gbwpmz.com
    lesaventuresdecocomango.com
    wu8ggqdv077p.xyz
    autnvg.com
    wghakt016.xyz
    lagosian.store
    hilldoor.com
    oculos-ajustavel-br.xyz
    nameniboothac.com

Targets

    • Target

      yeni sipariş pdf.exe

    • Size

      770KB

    • MD5

      26b94b8cf43e9b091e3202ee396faa33

    • SHA1

      a985b7b7f68f86c35f429d1d57416d8de04c6a4b

    • SHA256

      38b3959cf30fce3b03c31286231db4d220427e31af7e3d7458792cdb3e8b895d

    • SHA512

      a2390e0dcf816dd2ae33081922ce153602461b8b97114084aa1fcbcee267e546af96be4ca72d84efbc6c849b31d768a8126ccb8f6545e8c6682651569259079a

    • Formbook

      Formbook is an information-stealing malware family that harvests credentials and other data from the infected host.

    • Formbook Payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution

    Scheduled Task, T1053 (1)

  • Persistence

    Scheduled Task, T1053 (1)

  • Privilege Escalation

    Scheduled Task, T1053 (1)

  • Discovery

    Query Registry, T1012 (2)
    System Information Discovery, T1082 (3)

Tasks