Overview

overview

10

Static

static

FATURA HESABI.exe

windows7_x64

3

FATURA HESABI.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    FATURA HESABI.exe

  • Size

    25KB

  • Sample

    220630-kta12ahedj

  • MD5

    9c6e67ca7790e12c09fa65bacf8b0618

  • SHA1

    9b7f0452d2e9e6632457724f106d0b84ae8a8070

  • SHA256

    35256002ef756a42079880ccdec95862e80830e69ebc56225f2b2a34ec28f771

  • SHA512

    5db4e8ac7ad1df7c7142ac37a4774045db7324e01368dd7d9465a03561a5f825afbcf0341651ff615a110881ebb6b8ddb010b2ee1240b6baec3661aa22fcfde4

Score
10/10
formbookgf9dratspywarestealersuricatatrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

gf9d

Decoy

tasty-drop.pro

kairosinternationalfl.com

moi-dolgi.online

kgsp.space

raceier.xyz

mulsion.xyz

eduedge24.com

conciergerietoulousaine.com

islandgirljewelz.com

landofmalbecwines.com

awesomeblossomsonline.com

dtellmebeatext.xyz

origensrio.com

organicmeditationmethod.com

viedelapin.net

petescustomdecals.com

la-verrerie.com

bluecupcoffee.com

univchip.com

jedicrm.com

Targets

    • Target

      FATURA HESABI.exe

    • Size

      25KB

    • MD5

      9c6e67ca7790e12c09fa65bacf8b0618

    • SHA1

      9b7f0452d2e9e6632457724f106d0b84ae8a8070

    • SHA256

      35256002ef756a42079880ccdec95862e80830e69ebc56225f2b2a34ec28f771

    • SHA512

      5db4e8ac7ad1df7c7142ac37a4774045db7324e01368dd7d9465a03561a5f825afbcf0341651ff615a110881ebb6b8ddb010b2ee1240b6baec3661aa22fcfde4

    Score
    10/10
    formbookgf9dratspywarestealersuricatatrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata

    • Formbook Payload

      rat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1
T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

3
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks