General

  • Target

    INVOICE.exe

  • Size

    900KB

  • Sample

    221024-v2j9sahhbj

  • MD5

    94fbca3f42d439bed773a04e82b29827

  • SHA1

    e804a967276c25df1b48e8b5f35109a2559cc55d

  • SHA256

    3903f75f7f0106aa34486f7c546b98a1eba03b1a0d901ccd09fb90294de857a4

  • SHA512

    21d8802c3bca47ba6d8fcbc20a1bd6a6502d32a5dad4fc1fa6e4b79266734046efa9e4ed807b99129ecf3427b9a4b2ec644e29a2f18d249081074aa99a7a2fd1

  • SSDEEP

    12288:jXNIMvqVefEu5JunXd0qe06DgKWlkmaWpJOBqm3xraOVbp1G+B/NP:7NICSapUKVmaM/AbLn

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

p94a

Decoy


Targets


    • Formbook

      Formbook is an information-stealing malware family (infostealer).

    • Formbook payload

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks