Overview

overview

10

Static

static

1

Payment_Advice.exe

windows7_x64

10

Payment_Advice.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Payment_Advice.zip

  • Size

    324KB

  • Sample

    220314-kzqcxafhdp

  • MD5

    0d79d906b634941d12a47ef05674e9dc

  • SHA1

    6a83cb74b8b54b5e38b6b8dd5a6afa2f1045a436

  • SHA256

    bc1e7e59c022c6a18268526652635867ae48ca1463c0084bc59781976b794f58

  • SHA512

    f36266b845554e65a3f65a0abdf5c7d70d79a19c978552657d7d86eab314d96a8fe6a16e87dab513de60a374f127ed331f038020940b58715a292959674cb889

Score
10/10
formbookoh75ratspywarestealersuricatatrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

oh75

Decoy

denizgidam.com

6cc06.com

charlottewaldburgzeil.com

medijanus.com

qingdaoyiersan.com

datcabilgisayar.xyz

111439d.com

xn--1ruo40k.com

wu6enxwcx5h3.xyz

vnscloud.net

brtka.xyz

showztime.com

promocoesdedezenbro.com

wokpy.com

chnowuk.online

rockshotscafe.com

pelrjy.com

nato-riness.com

feixiang-chem.com

thcoinexchange.com

Targets

    • Target

      Payment_Advice.exe

    • Size

      347KB

    • MD5

      7743639ddcae00f91ce46f21bf73a9a8

    • SHA1

      1daa2f866b0abf7cd48d43011562938ae6543b95

    • SHA256

      b011f06c7ab6d49b0dd9285e1e2d9dee21efae17f6be4281ec7a6a26e2bed812

    • SHA512

      8651283009598240de0e870e7d22ad0e9cec2f64a57b04ff094dece68a8cda917289c5985011c26ae91450a7e4e585989420d661f96f8a13105e3c95c2f93714

    Score
    10/10
    formbookoh75ratspywarestealersuricatatrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata

    • Formbook Payload

      rat

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks