Malware sandboxing report by Hatching Triage

General

Target

Halkbank,pdf.rar
Size

584KB
Sample

230125-ml5xjsfg34
MD5

c5419c35b9c20fb07216aaecb7c7fde1
SHA1

aea3b88fd53a750c13f092882972f52aa5461fcc
SHA256

7fa3be6313a31933b762a1eb84a4913ff764c30adebedec0d848d6ff78a9488f
SHA512

b925312adb98ed0d28cba8775cb86bffb4601a10d85d58266f900675d3b4729f8a00a848d7557a3a64fcf2b6deb3700ab3e38b3b4093830f2329c6b2402b22d9
SSDEEP

12288:CvwM5P5suCYj8aoqoD6zeCP4VqCaTO1xyb50J9raYb7rEPI3N41QF:4wM5P5Hlj8zqRwsm1xybCJ9rPbEwK8

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

gg62

Decoy

growfast.africa
lerema.com
38945.se
wheelfermotors.africa
giftshareforyou.online
burrismktg.com
keepgrowing.uk
efefhomeless.buzz
bryanokoh.com
fashion-clothing-40094.com
andreasunshine.com
naijahood.africa
aditrirealty.com
kinnoitodatsumou.com
cryptoqzclimax.com
hairly.biz
comeuphither4.com
integrity360.ltd
flushywhole.com
8869365.com
fabvance-demos.online
motherpearl.africa
dnsmctmu.com
25779.football
crimson-sunset.ru
haamyounghoon.com
0563news.com
battleb0t.site
transnetfreight.africa
djdaxroadshow.co.uk
bwrps.live
abuin.vip
impressionsbyb.store
findguyscolorado.com
jordanflowerauction.net
fdm50off.com
31seaaa.com
centuryofviolence.co.uk
againstszhanweek.com
injurylawyersconsultants.com
kuotabike.com
cruisejoy.uk
clotaire.ru
hurloic.xyz
anvair.com
ivapeonthis.com
hotsesso.xyz
khramvyazovki.store
mentalistas.dev
cahayasunnah.com
bypro1.online
flavoredkreations.info
inuwallet.com
livingemployebenefits.com
enlighthings.com
focobreathwork.com
emaskhalipahbertam.com
jswl.store
chamaera.com
abbeyspear.com
downwind.one
lovelive.buzz
essentialhealth101.com
irakit.com
cbsht.com

growfast.africa

lerema.com

38945.se

wheelfermotors.africa

giftshareforyou.online

burrismktg.com

keepgrowing.uk

efefhomeless.buzz

bryanokoh.com

fashion-clothing-40094.com

andreasunshine.com

naijahood.africa

aditrirealty.com

kinnoitodatsumou.com

cryptoqzclimax.com

hairly.biz

comeuphither4.com

integrity360.ltd

flushywhole.com

8869365.com

Targets

- Target
  
  Halkbank,pdf.exe
- Size
  
  748KB
- MD5
  
  3e0ff29b04ce9b6ca93fe26eae5ea271
- SHA1
  
  c9c29504bd24e3c7ac591ec1312e32a9c5623a3f
- SHA256
  
  f79a020cedb43bbd1f4948a2566d081fed934d56f871741d2548f792e8800e7b
- SHA512
  
  3e9e18cd7addfa2b7cf8cfc4ccb5bc7da55ff2951c72456dd57b653e239cbbabc265871da0674a8f9251150b94ba045aa95f2413669dac4163f21fabeb5046f9
- SSDEEP
  
  12288:k9posleqpoUIGApUa0h3hnzEcWjPX8UBhxE1q1feA+rsnKrFEcFXL1GH/h8:kEsMzG9Zhz0rDDxQq1febr
Score

10^/10

formbook gg62 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2