Overview

overview

10

Static

static

Alış sif...df.exe

windows7-x64

10

Alış sif...df.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Alış sifarişi pdf.exe

  • Size

    828KB

  • Sample

    221205-k7a8ysec72

  • MD5

    5f7c25f49d456e5aef86f4222185d857

  • SHA1

    837048b8312e503b8d037f1ab5fa53285a348b95

  • SHA256

    4316b3f12ec26cbd5b22069f083417ca75399ece85aba9de0e06db3678a5ec2b

  • SHA512

    4e8ea51f3cbf4e48df2dc673c6a061255be089d949abe1d5aa1e2747e0e30ae5c9415b0878c2c3df4de0a1a3365237389493baf4172be13f1c4f614fec94640b

  • SSDEEP

    12288:6i4ciTkg586aWHff+fhDv9BZ0P4roJPWfpxGAmjfC2VkkmFrRXQn:z4ZTB5O8f+ZDvZvr7fpxL+

Score
10/10
formbookcy28ratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

cy28

Decoy

100049723423.review

lovehealthcare.online

immuniversity.info

ihproductions.net

originatorsu.mobi

shxwjn.top

fivemeters.com

planettiki.site

berantaspinjol.online

oregonusedtrucks.com

darkstarkoi.com

izmirhaberci.world

41014.top

georgiaspanishgoats.com

dealstopstartups.click

ravmodeling.center

unsundayjesus.world

initialslash.site

shubaola.top

caserevision.com

Targets

    • Target

      Alış sifarişi pdf.exe

    • Size

      828KB

    • MD5

      5f7c25f49d456e5aef86f4222185d857

    • SHA1

      837048b8312e503b8d037f1ab5fa53285a348b95

    • SHA256

      4316b3f12ec26cbd5b22069f083417ca75399ece85aba9de0e06db3678a5ec2b

    • SHA512

      4e8ea51f3cbf4e48df2dc673c6a061255be089d949abe1d5aa1e2747e0e30ae5c9415b0878c2c3df4de0a1a3365237389493baf4172be13f1c4f614fec94640b

    • SSDEEP

      12288:6i4ciTkg586aWHff+fhDv9BZ0P4roJPWfpxGAmjfC2VkkmFrRXQn:z4ZTB5O8f+ZDvZvr7fpxL+

    Score
    10/10
    formbookcy28ratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook payload

      rat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks