General

  • Target

    Ordem de Compra pdf xxQ4h.exe (Portuguese "Ordem de Compra" = "Purchase Order"; the "pdf" in the name is a lure, the file is a Windows executable)

  • Size

    894KB

  • Sample

    221128-vrzxgsbe46

  • MD5

    973a94d5f2fb8e7d4da718d074dfd9eb

  • SHA1

    707f58e7972ed3493b0bd62480e4ed9538eba93f

  • SHA256

    608aed0c05c0bd3ff091e559c92093440f659cc8b6f98865ce907cd9d6885ba3

  • SHA512

    9b5dac4e93ff472550e557b9ea6e3bc4ccdcefd861886403a4c3729b9070de30d507ce3d4dc341d671416b1f4bd6e1a7a3624e5f9cd0f9935b3c375b89595250

  • SSDEEP

    24576:EHryn040Nznszfdf0DYkmybe7hxtcPuDdEPf:6mp0SZfsgyOT6vP

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    cy28

  • Decoy

    100049723423.review
    lovehealthcare.online
    immuniversity.info
    ihproductions.net
    originatorsu.mobi
    shxwjn.top
    fivemeters.com
    planettiki.site
    berantaspinjol.online
    oregonusedtrucks.com
    darkstarkoi.com
    izmirhaberci.world
    41014.top
    georgiaspanishgoats.com
    dealstopstartups.click
    ravmodeling.center
    unsundayjesus.world
    initialslash.site
    shubaola.top
    caserevision.com
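As an added example, not part of this sandbox report: a Python script that hashes a file and compares the digests with the ones listed above, and scans DNS or proxy log lines for the domains extracted from the Formbook config. Hashes and domains are copied from the report; the log lines in SAMPLE_LOG are constructed for illustration, and the log format they use is an assumption.

```python
"""Match a file and some log lines against the indicators in this report.

Added example, not part of the sandbox report. The hashes and domains are
copied from the report; SAMPLE_LOG below is constructed for illustration.
"""
import hashlib
import re
import sys

# Digests of "Ordem de Compra pdf xxQ4h.exe" as listed in the report (lowercase hex).
IOC_HASHES = {
    "md5": "973a94d5f2fb8e7d4da718d074dfd9eb",
    "sha1": "707f58e7972ed3493b0bd62480e4ed9538eba93f",
    "sha256": "608aed0c05c0bd3ff091e559c92093440f659cc8b6f98865ce907cd9d6885ba3",
    "sha512": "9b5dac4e93ff472550e557b9ea6e3bc4ccdcefd861886403a4c3729b9070de30d507ce3d4dc341d671416b1f4bd6e1a7a3624e5f9cd0f9935b3c375b89595250",
}

# Domains from the extracted Formbook config. Formbook sends traffic to several of
# these so the real C2 hides among decoys; many are legitimate-looking sites, so
# treat a hit as an investigation lead rather than a confirmed infection.
IOC_DOMAINS = frozenset({
    "100049723423.review", "lovehealthcare.online", "immuniversity.info",
    "ihproductions.net", "originatorsu.mobi", "shxwjn.top", "fivemeters.com",
    "planettiki.site", "berantaspinjol.online", "oregonusedtrucks.com",
    "darkstarkoi.com", "izmirhaberci.world", "41014.top",
    "georgiaspanishgoats.com", "dealstopstartups.click", "ravmodeling.center",
    "unsundayjesus.world", "initialslash.site", "shubaola.top", "caserevision.com",
})


def hash_bytes(data):
    """Return {algo: hexdigest} for the four algorithms used in the report."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in IOC_HASHES}


def hash_file(path, chunk_size=1 << 20):
    """Same as hash_bytes but streams the file so large samples stay out of RAM."""
    hashers = {algo: hashlib.new(algo) for algo in IOC_HASHES}
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def match_digests(digests):
    """List the algorithms whose digest equals the report's value.

    A SHA-256 or SHA-512 hit identifies the sample; an MD5-only or SHA-1-only
    hit is still worth a look, but those algorithms are collision-prone.
    """
    return [algo for algo, value in IOC_HASHES.items()
            if digests.get(algo, "").lower() == value]


def domain_matches(host, iocs=IOC_DOMAINS):
    """True if host is an IOC domain or a subdomain of one (e.g. www.shxwjn.top)."""
    host = host.lower().rstrip(".")
    return any(host == ioc or host.endswith("." + ioc) for ioc in iocs)


# Pulls hostnames out of free-form log lines (DNS query logs, proxy logs, URLs).
HOST_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.IGNORECASE)


def scan_log(lines, iocs=IOC_DOMAINS):
    """Return (line_number, host) for every line that references an IOC domain."""
    hits = []
    for n, line in enumerate(lines, 1):
        for host in HOST_RE.findall(line):
            if domain_matches(host, iocs):
                hits.append((n, host.lower()))
    return hits


# Constructed log lines (assumed format), not from the report: one DNS hit and
# one proxy hit among benign traffic.
SAMPLE_LOG = [
    "2022-11-28T14:02:11Z dns query A www.shxwjn.top client=10.0.0.15",
    "2022-11-28T14:02:12Z dns query A update.microsoft.com client=10.0.0.15",
    "2022-11-28T14:02:13Z proxy GET http://planettiki.site/ client=10.0.0.15",
    "2022-11-28T14:02:14Z proxy GET https://example.com/ client=10.0.0.15",
]

if __name__ == "__main__":
    for n, host in scan_log(SAMPLE_LOG):
        print(f"line {n}: contact with IOC domain {host}")
    for path in sys.argv[1:]:
        hits = match_digests(hash_file(path))
        print(f"{path}: {'MATCH ' + ','.join(hits) if hits else 'no hash match'}")
```

Run it with no arguments to see the two constructed log hits, or pass file paths to hash them against the report. Subdomain matching is deliberate: Formbook traffic to a decoy or C2 frequently uses a www. prefix, which an exact string compare would miss.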

Targets

    • Target

      Ordem de Compra pdf xxQ4h.exe

    • Formbook

      Formbook is an information-stealing malware family: it grabs credentials and form data from browsers and mail clients, logs keystrokes, takes screenshots, and sends the results to its command-and-control server.

    • Formbook payload

    • Suspicious use of SetThreadContext (the API used to redirect a thread's execution after code has been written into another process, i.e. process hollowing or injection; Formbook loaders commonly start the payload this way)
