Overview

overview

10

Static

static

Payment_Advice.exe

windows7-x64

1

Payment_Advice.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Payment_Advice.exe

  • Size

    119KB

  • Sample

    220728-vd71yaabap

  • MD5

    fb6b4faf70cfaeac35c5f0fe94ac08e4

  • SHA1

    e18e49ae0c5d0bbc332b869c60bdbf5f6cfe652f

  • SHA256

    940584cf3203158b88b4dfafc8550d92be205ca5ef401da8a4449622e423751c

  • SHA512

    d75ca0422d9d4f325282566de106a2ab669942b34fdbecc2b454fee5018968229bafb74bfdbf01d405b9a73847ab8dde625023e3fba192c83d07fcf5292950c2

Score
10/10
formbookfs44ratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

fs44

Decoy

whneat.com

jljcw.net

pocodelivery.com

outofplacezine.com

yavuzcansigorta.com

xinhewood-cn.com

cartogogh.com

5avis.com

joyceyong.art

digitalsurf.community

blackcreekbarns.com

magazinedistribuidor.com

sportsgross.com

drevom.online

mayibeofservice.com

gareloi-digit.com

permitha.net

renaissanceestetica.com

facts-r-friends.com

dach-loc.com

Targets

    • Target

      Payment_Advice.exe

    • Size

      119KB

    • MD5

      fb6b4faf70cfaeac35c5f0fe94ac08e4

    • SHA1

      e18e49ae0c5d0bbc332b869c60bdbf5f6cfe652f

    • SHA256

      940584cf3203158b88b4dfafc8550d92be205ca5ef401da8a4449622e423751c

    • SHA512

      d75ca0422d9d4f325282566de106a2ab669942b34fdbecc2b454fee5018968229bafb74bfdbf01d405b9a73847ab8dde625023e3fba192c83d07fcf5292950c2

    Score
    10/10
    formbookfs44ratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook payload

      rat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks