Overview

overview

10

Static

static

satın alma emri.exe

windows7-x64

10

satın alma emri.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    satın alma emri.zip

  • Size

    384KB

  • Sample

    230110-q3adragc32

  • MD5

    c99250ff409af9d0a6c88993d4a00306

  • SHA1

    cd7e83e9f24e58ee1dd45704ea380c5cdf8c73a4

  • SHA256

    dbe448b0363448d0605b13112a1e8a3df9bcc52537ea8113bef1cd08df74436d

  • SHA512

    375487f5844ba805f5255cd3538f64dc73497d9e26e46c1c0252525910801dae5a1fdf760a57aa282c266e2e07ef76615c6c989aa3b9ceade0a12d9b946dd9b3

  • SSDEEP

    6144:SDV/LbNRoqZWzl6V/3hlMaDr3FClBeiBMUaMC/py0QiWfNYbp/IjIyOujiI:e/LxRoqMl6DlTtCPeYMUad407QuBJyII

Score
10/10
formbooktc10ratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

tc10

Decoy

mwigyu.com

sepuluholx.com

nsdigitalagency.com

horrorkore.com

santaclaracoimbrakarate.com

myeternalsummer.com

laosmidnight-lotto.com

haremp.xyz

boyace.top

unusualwithdrawal.com

wildflowerkidsri.com

backlitvps.dev

topwellgas.com

k3nnsworld3.com

wanbang.xyz

cntvc.net

sjcamden.church

pussit24.com

claml.com

statisticsturkey.com

Targets

    • Target

      satın alma emri.exe

    • Size

      487KB

    • MD5

      2835d7df2d359384850fde1118d404e9

    • SHA1

      c855c1b467018305ffc888dcacb6c3cefe770d46

    • SHA256

      00a3aca00bfdb0a069304055c547544673f4567e73269fdb324de62f0bce75b1

    • SHA512

      0c2eb10575809127f8253c2813c3e8b719368334d5be8db082dd1948a9ab4e2979e9e9b0b8b0bbae893a44a9eae76a1606507582a34aee25a448b8bad633ade8

    • SSDEEP

      12288:aYmoYpOURMrRGYrJ67/CPe+MUads07QSpJFIA:aYcoUiFf62JhaK0PlH

    Score
    10/10
    formbooktc10ratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook payload

      rat

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1
T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

3
T1082

Query Registry

1
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks