Overview

overview

10

Static

static

1

E-dekont.pdf.exe

windows7-x64

10

E-dekont.pdf.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    E-dekont.pdf.exe

  • Size

    221KB

  • Sample

    221122-mc1apsdd3x

  • MD5

    894125e6917b2615cc1bf3088a67a1f5

  • SHA1

    58f04b7fa7c55976de27a86a620e3301863802dc

  • SHA256

    44e3ed577325d16ea39deebd178c78d4022d21120a791f4c875c537fe60be2e1

  • SHA512

    6fb81a5bee91bf595d48609633c071958d129325ce11716c958a6399f894c5bc16ca33a3b85c0f45640a6523342376f51501e3bb4088d6e8d6dbf23dbe619d64

  • SSDEEP

    3072:WfJSq+ytGIon9KcSMhCOwEgjOFdLZkYEn9/qulHdf1YChR6EwiaKHKMybpq6fAUH:MEa0N0OhFfkYAquffemVaSKLLjM5oB

Score
10/10
formbookmi08ratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

mi08

Decoy

mytimebabes.com

ycpxb.com

abdkaplani.com

cloudingersoftech.com

fthfire.xyz

christyna.work

3d-add-on.com

knowyourtechdeals.com

kcl24.com

sepatubiker.com

sunnyboy.live

zrbsq.com

rinpari.com

lesac-berra.com

yes820.com

cnnorman.com

mystichousedv.com

sbobet888auto.com

gawiul.xyz

luispenas.com

Targets

    • Target

      E-dekont.pdf.exe

    • Size

      221KB

    • MD5

      894125e6917b2615cc1bf3088a67a1f5

    • SHA1

      58f04b7fa7c55976de27a86a620e3301863802dc

    • SHA256

      44e3ed577325d16ea39deebd178c78d4022d21120a791f4c875c537fe60be2e1

    • SHA512

      6fb81a5bee91bf595d48609633c071958d129325ce11716c958a6399f894c5bc16ca33a3b85c0f45640a6523342376f51501e3bb4088d6e8d6dbf23dbe619d64

    • SSDEEP

      3072:WfJSq+ytGIon9KcSMhCOwEgjOFdLZkYEn9/qulHdf1YChR6EwiaKHKMybpq6fAUH:MEa0N0OhFfkYAquffemVaSKLLjM5oB

    Score
    10/10
    formbookmi08ratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook payload

      rat

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1
T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks