General

  • Target

    AF3838D501FED830BCB3C3B48D3184B05F588D8699816AFF5A2F2F27EC0D1154

  • Size

    558KB

  • Sample

    221123-r1gwgsaa28

  • MD5

    6adcefcaba52081bbfe7c3f06e0fc4d8

  • SHA1

    090f3771e9b4b7e4f3e56cc18a5e59a77dcaf756

  • SHA256

    af3838d501fed830bcb3c3b48d3184b05f588d8699816aff5a2f2f27ec0d1154

  • SHA512

    fcc600e7f4254aa1706134ae809082e4894e302d9732734a24bf865e0961d78412151e22ab9910eb320201df4647d09835e12fc19455c26d52b1b796f3609de9

  • SSDEEP

    12288:+ejceu5gFDrIhB0/lRqzAmOrW8Yu0kAAVB8wot83wF8r/SyAuPpc2wxX:BtEDq3qUfW8vzFotcrThDwxX

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

gs25

Decoy


Targets

    • Target

      PROVA DE PAGAMENTO.exe

    • Size

      710KB

    • MD5

      d90ee4a69a80b53f8b6ac0f3fd08e72c

    • SHA1

      000e8e599fbf58baeac2483c92370b811fa2477d

    • SHA256

      c0764ceab13a533b3ea99ccc162a1f36e85f4094b29c4a30b91b0d3f0ff1112e

    • SHA512

      ec18433d2c9afc3865c5f6b58acdb895c6abe98427b8e19d37e991033a3aee5254fea78f097aa472d9a1930f6d5fcc17cafd524fd5170c9bf3427bdb0f5a7755

    • SSDEEP

      12288:pSIyM/U057k2TlIh1A/lDMzAmORWyYuMkAAV/8wot83w/8rRWnu6:BBOzGVMU9WyvdFotCronu6

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

  Tactic                Technique                     Count  ID
  Execution             Scheduled Task                1      T1053
  Persistence           Scheduled Task                1      T1053
  Privilege Escalation  Scheduled Task                1      T1053
  Discovery             Query Registry                1      T1012
  Discovery             System Information Discovery  2      T1082

Tasks