Overview

overview

10

Static

static

1

MTCN TELLE...PT.exe

windows7-x64

10

MTCN TELLE...PT.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    MTCN TELLER RECEIPT.exe

  • Size

    237KB

  • Sample

    230314-lwmchsgg4x

  • MD5

    f9726a7a881f7182123ee36679c4d09b

  • SHA1

    53b28856a51b66195ff4a3b799642b8d1f7025db

  • SHA256

    9472d7a4e6028ef04c5b1a1a57844a3198229bd209b68c1d3534123e4fad8fb2

  • SHA512

    1ea087c3d7311dbd07eeb03c4ca9ef37236fac517f11a305849ab022b8645baffd947d9e794f0418b6050a25f4a3b8f35137ad5f76591cb10e526df04050ac02

  • SSDEEP

    6144:/Ya6i74F0L4ddME6oV38O0+yn9utn3HND:/YUcmL4X6oB8O0+Nt3HND

Score
10/10
formbookke03ratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ke03

Decoy

fastartcustom.com

ikanggabus.xyz

aevum.ru

lacarretapps.com

arcaneacquisitions.net

fuulyshop.com

bloodbahis278.com

bullardrvpark.com

cowboy-hostel.xyz

empireoba.com

the-windsor-h.africa

help-desk-td.com

dofirosols.life

efefarmy.buzz

kewwrf.top

autoran.co.uk

moodysanalytics.boo

kulturemarket.com

ffwpu-kenya.com

heykon.com

Targets

    • Target

      MTCN TELLER RECEIPT.exe

    • Size

      237KB

    • MD5

      f9726a7a881f7182123ee36679c4d09b

    • SHA1

      53b28856a51b66195ff4a3b799642b8d1f7025db

    • SHA256

      9472d7a4e6028ef04c5b1a1a57844a3198229bd209b68c1d3534123e4fad8fb2

    • SHA512

      1ea087c3d7311dbd07eeb03c4ca9ef37236fac517f11a305849ab022b8645baffd947d9e794f0418b6050a25f4a3b8f35137ad5f76591cb10e526df04050ac02

    • SSDEEP

      6144:/Ya6i74F0L4ddME6oV38O0+yn9utn3HND:/YUcmL4X6oB8O0+Nt3HND

    Score
    10/10
    formbookke03ratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook payload

      rat

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks