General

  • Target

    FATURA ÖDEMESİ.exe (Turkish for "INVOICE PAYMENT.exe"; the filename is the lure)

  • Size

    857KB

  • Sample

    221207-n2wt9ahb41

  • MD5

    66ed7ba0a4ca21ace023480e4015a9e3

  • SHA1

    5de079ca99452414f7c68a985e9b114a16bf3f94

  • SHA256

    b66fc3c8f01ea488838e57cda4157b5ec8d3398b321fcc68bdb9d7ce397486f5

  • SHA512

    4319d634180de8a14f2bdb652a132ef1649ce05018b8f86f47b09ded7c5b20fd1691648539095276c46f7e35823b5f81d0d2dd8af353a523788828c81acbf1f1

  • SSDEEP

    12288:y+oQgKZ/nXt7virmWhlGLaQYIIjmas5JGXylk+mphdWvzAtpexqlI9aDc7nH6Py:y/u/PlbmperA5IBH6Pq/M9
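The digests above are the identifiers an analyst will check a local copy against. The following Python is an added example (not part of the sandbox report) that streams a file through all four digests in one pass and compares the result with the values printed in this General section; the local filename in main() is an assumption, and ssdeep is left out because it needs a third-party library (fuzzy hashes are compared by similarity score, not equality).

```python
"""Recompute the file hashes listed in this report and compare them with a local sample.

Added example, not part of the sandbox report. The digests below are copied from the
report's General section; the file path used in main() is an assumption.
"""
import hashlib
import os
from typing import Dict, Iterable, Mapping

# Digests exactly as printed in the report (hex, lower-case).
REPORTED: Dict[str, str] = {
    "md5": "66ed7ba0a4ca21ace023480e4015a9e3",
    "sha1": "5de079ca99452414f7c68a985e9b114a16bf3f94",
    "sha256": "b66fc3c8f01ea488838e57cda4157b5ec8d3398b321fcc68bdb9d7ce397486f5",
    "sha512": "4319d634180de8a14f2bdb652a132ef1649ce05018b8f86f47b09ded7c5b20fd"
              "1691648539095276c46f7e35823b5f81d0d2dd8af353a523788828c81acbf1f1",
}
ALGORITHMS = tuple(REPORTED)


def hash_chunks(chunks: Iterable[bytes], algorithms=ALGORITHMS) -> Dict[str, str]:
    """Feed every chunk to all digests in a single pass (no re-reading a large file)."""
    states = {name: hashlib.new(name) for name in algorithms}
    for chunk in chunks:
        for h in states.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in states.items()}


def hash_bytes(data: bytes, algorithms=ALGORITHMS) -> Dict[str, str]:
    """Convenience wrapper for in-memory data."""
    return hash_chunks([data], algorithms)


def compare(computed: Mapping[str, str], reported: Mapping[str, str]) -> Dict[str, bool]:
    """Case-insensitive match per algorithm; algorithms missing on either side are skipped."""
    return {
        name: computed[name].lower() == reported[name].strip().lower()
        for name in reported
        if name in computed
    }


def verify_file(path: str, reported: Mapping[str, str] = REPORTED) -> Dict[str, bool]:
    """Stream the file through every digest once and return per-algorithm match results."""
    def chunks():
        with open(path, "rb") as f:
            while True:
                block = f.read(1 << 20)
                if not block:
                    return
                yield block
    return compare(hash_chunks(chunks()), reported)


if __name__ == "__main__":
    sample = "FATURA ÖDEMESİ.exe"  # assumed local copy of the sample
    if os.path.exists(sample):
        for name, ok in verify_file(sample).items():
            print(f"{name:7s} {'MATCH' if ok else 'MISMATCH'}")
    else:
        print(f"{sample!r} not present; nothing to verify")
```

A single mismatching digest means you are not looking at this sample (a repacked or truncated copy, or a different file with the same name), so compare all four rather than stopping at MD5.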

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

gs25

Decoy

(Formbook embeds a list of decoy domains and contacts them alongside its real C2 so that the real server is hard to pick out of the traffic; treat every entry below as an indicator.)

real-food.store

marketdatalibrary.com

jolidens.space

ydental.info

tattoosbyjayinked.com

buytradesellpei.com

61983.xyz

identitysolver.xyz

mgfang.com

teizer.one

staychillax.com

ylanzarote.com

workte.net

maukigato.shop

coolbag.site

btya1r.com

dkhaohao.shop

zugaro.xyz

boon168.com

xn--80aeegahlwtdkp.com
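Because the bot talks to every domain in its list, the whole list is what a hunt should match on. The following Python is an added example (not part of the sandbox report) that flags DNS queries for the decoy/C2 domains listed above, matching on label boundaries so subdomains hit and look-alike names do not, and showing the IDNA (xn--) entry in Unicode for the analyst. The log layout (timestamp, client IP, query name, query type, whitespace-separated) is an assumption and the log lines are constructed.

```python
"""Flag DNS queries for the Formbook decoy/C2 domains extracted in this report.

Added example, not part of the sandbox report. The log layout
"<timestamp> <client-ip> <qname> <qtype>" is an assumption; SAMPLE_LOG is constructed.
"""
import re
from typing import Iterable, List, Optional, Tuple

# Domains exactly as listed under Malware Config -> Decoy.
DECOY_DOMAINS = frozenset({
    "real-food.store", "marketdatalibrary.com", "jolidens.space", "ydental.info",
    "tattoosbyjayinked.com", "buytradesellpei.com", "61983.xyz", "identitysolver.xyz",
    "mgfang.com", "teizer.one", "staychillax.com", "ylanzarote.com", "workte.net",
    "maukigato.shop", "coolbag.site", "btya1r.com", "dkhaohao.shop", "zugaro.xyz",
    "boon168.com", "xn--80aeegahlwtdkp.com",
})

LOG_LINE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<qname>\S+)\s+(?P<qtype>\S+)$")


def normalize(qname: str) -> str:
    """Lower-case and drop the trailing dot so 'WWW.Example.COM.' equals 'www.example.com'."""
    return qname.strip().rstrip(".").lower()


def matching_decoy(qname: str) -> Optional[str]:
    """Return the configured domain that qname equals or is a subdomain of, else None.

    Walks the name label by label so 'www.real-food.store' hits 'real-food.store'
    while 'notreal-food.store' does not (label boundaries, not substrings).
    """
    labels = normalize(qname).split(".")
    for i in range(len(labels) - 1):  # never test a bare TLD
        candidate = ".".join(labels[i:])
        if candidate in DECOY_DOMAINS:
            return candidate
    return None


def display_name(domain: str) -> str:
    """Show IDNA (xn--) names in Unicode for the analyst; fall back to the A-label."""
    try:
        return domain.encode("ascii").decode("idna")
    except UnicodeError:
        return domain


def scan_dns_log(lines: Iterable[str]) -> List[Tuple[str, str, str, str]]:
    """Return (timestamp, client, queried name, matched config domain) for each hit."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue  # unparseable line: skip rather than abort the whole hunt
        matched = matching_decoy(m["qname"])
        if matched:
            hits.append((m["ts"], m["client"], normalize(m["qname"]), matched))
    return hits


# Constructed log excerpt: two hosts, one benign query, one malformed line.
SAMPLE_LOG = [
    "2022-12-07T10:15:01Z 10.0.0.23 www.real-food.store A",
    "2022-12-07T10:15:02Z 10.0.0.23 marketdatalibrary.com. A",
    "2022-12-07T10:15:03Z 10.0.0.23 update.microsoft.com A",
    "2022-12-07T10:15:04Z 10.0.0.41 xn--80aeegahlwtdkp.com A",
    "garbage",
]

if __name__ == "__main__":
    for ts, client, qname, matched in scan_dns_log(SAMPLE_LOG):
        print(f"{ts} {client} queried {qname} -> config domain {display_name(matched)}")
```

A host that resolves several of these names within seconds is the characteristic Formbook pattern; a single hit on one of them still warrants a look, since some of the decoys are legitimate sites that may be visited for other reasons.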

Targets

    • Target

      FATURA ÖDEMESİ.exe

    • Formbook

      Formbook is an information-stealing malware family: it hooks browsers and other applications to grab submitted form data and credentials, logs keystrokes and clipboard contents, can take screenshots, and injects itself into a legitimate process before reporting to its C2 over HTTP.

    • Formbook payload

      The Formbook payload itself was identified in this sample; the configuration above was extracted from it.

    • Checks computer location settings

      Reads the country code configured in the registry, most likely as a geofence (refusing to run in, or tailoring behaviour to, particular locales).

    • Suspicious use of SetThreadContext

      SetThreadContext redirects execution of a (typically suspended) thread and is a standard building block of process hollowing and similar injection, which Formbook relies on to run inside a legitimate process.

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic                Technique                     Signature hits  ID
  Execution             Scheduled Task                1               T1053
  Persistence           Scheduled Task                1               T1053
  Privilege Escalation  Scheduled Task                1               T1053
  Discovery             Query Registry                1               T1012
  Discovery             System Information Discovery  2               T1082
