Overview

overview

10

Static

static

DUE PAY.exe

windows7-x64

3

DUE PAY.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    DUE PAY.exe

  • Size

    449KB

  • Sample

    221204-mff18sea71

  • MD5

    194874f2b4133a202568b640967e6e37

  • SHA1

    af9378a9a173d46b099305653d9606a6503c4f5e

  • SHA256

    26434fabc4eae6db7c246b4dfbd2f9153f15024c29f4d2350e91183c4fc64293

  • SHA512

    ee03a017a4f008cd9429b3aaeb67fd84a92cdb2a560e186e7b92193f3ec2871eec1ae515c8c1201dd0c8d37310f908c4452319eab48da3810fd91e0e9b5e8cfb

  • SSDEEP

    12288:y9qlqw40eerkszUlfEHol7wSUVQpa5HGIl:gql95ewksIqIvYKa5HGu

Score
10/10
formbookvwc9ratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Campaign

vwc9

Decoy

pLjMtZTmuvLDXV4=

iENWNhKVPRzYDQq4Pmlm

H1YAUssvvLhmmxpDTg==

oqvSpIpvoo0sNVE=

66bBokqaVC4XsLUW4Mhu

RURVG9EIxXETEsazT/Hgzw==

CMgRC53FjBhJ

5IJKxmGnWZA+b2CKOx6ddChogl8=

NM/MXgc6pylgwH6ssRgCXyhogl8=

rsQB00iulp0WQEY=

zgKE25H+rCAxoVieoNVu

xPVZTso09oMrsGiD

ihTBLxl7B4i0Bwq4Pmlm

q0IcfPZP2dbymxpDTg==

rFbwTgdhK9z2KydgVog6uQqQ+7Ee2g==

qKb0/bYHu2359OMhF21Wqq6WL41B

ygBgFPMlo6RdmxpDTg==

NF1zQfdkC/4PWBYoQJpbIy5e

1/1QMM0x0GAbZhkS8GZqXu91CnPXnPoC

5v5NJMIoFNKQkA==

Targets

    • Target

      DUE PAY.exe

    • Size

      449KB

    • MD5

      194874f2b4133a202568b640967e6e37

    • SHA1

      af9378a9a173d46b099305653d9606a6503c4f5e

    • SHA256

      26434fabc4eae6db7c246b4dfbd2f9153f15024c29f4d2350e91183c4fc64293

    • SHA512

      ee03a017a4f008cd9429b3aaeb67fd84a92cdb2a560e186e7b92193f3ec2871eec1ae515c8c1201dd0c8d37310f908c4452319eab48da3810fd91e0e9b5e8cfb

    • SSDEEP

      12288:y9qlqw40eerkszUlfEHol7wSUVQpa5HGIl:gql95ewksIqIvYKa5HGu

    Score
    10/10
    formbookvwc9ratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks