Overview

overview

10

Static

static

1

RECIBO MTCN.rar

windows7-x64

3

RECIBO MTCN.rar

windows10-2004-x64

3

MTCN TELLE...PT.exe

windows7-x64

10

MTCN TELLE...PT.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    RECIBO MTCN.rar

  • Size

    222KB

  • Sample

    230314-qgmf7ahd9t

  • MD5

    55c9a1ff87134502a6c82c6ae0e494dd

  • SHA1

    3ef9f7db901b635d4d9a03cc3532b3ee3d6cb430

  • SHA256

    ef4affb6a91e67cd7b1ee492589e18cf700653e6d6b32a66d5b1747ab861ef56

  • SHA512

    6c15ba2372a1ce0356b52c338600869e26b7196b90f8c8206d76107a55135b59d715d81c0cabcc7f5cba9f93284784a6ceb62ea851281d51c2f9278d06fb3be3

  • SSDEEP

    6144:Ohe+DOLW8ihXZCxlrmP9qcanPBWfE+NJo5gXZQLA:Q5fhpX9qBPBWfE+Nll

Score
10/10
formbookke03ratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ke03

Decoy

fastartcustom.com

ikanggabus.xyz

aevum.ru

lacarretapps.com

arcaneacquisitions.net

fuulyshop.com

bloodbahis278.com

bullardrvpark.com

cowboy-hostel.xyz

empireoba.com

the-windsor-h.africa

help-desk-td.com

dofirosols.life

efefarmy.buzz

kewwrf.top

autoran.co.uk

moodysanalytics.boo

kulturemarket.com

ffwpu-kenya.com

heykon.com

Targets

    • Target

      RECIBO MTCN.rar

    • Size

      222KB

    • MD5

      55c9a1ff87134502a6c82c6ae0e494dd

    • SHA1

      3ef9f7db901b635d4d9a03cc3532b3ee3d6cb430

    • SHA256

      ef4affb6a91e67cd7b1ee492589e18cf700653e6d6b32a66d5b1747ab861ef56

    • SHA512

      6c15ba2372a1ce0356b52c338600869e26b7196b90f8c8206d76107a55135b59d715d81c0cabcc7f5cba9f93284784a6ceb62ea851281d51c2f9278d06fb3be3

    • SSDEEP

      6144:Ohe+DOLW8ihXZCxlrmP9qcanPBWfE+NJo5gXZQLA:Q5fhpX9qBPBWfE+Nll

    Score
    3/10
    behavioral1behavioral2

    • Target

      MTCN TELLER RECEIPT.exe

    • Size

      237KB

    • MD5

      f9726a7a881f7182123ee36679c4d09b

    • SHA1

      53b28856a51b66195ff4a3b799642b8d1f7025db

    • SHA256

      9472d7a4e6028ef04c5b1a1a57844a3198229bd209b68c1d3534123e4fad8fb2

    • SHA512

      1ea087c3d7311dbd07eeb03c4ca9ef37236fac517f11a305849ab022b8645baffd947d9e794f0418b6050a25f4a3b8f35137ad5f76591cb10e526df04050ac02

    • SSDEEP

      6144:/Ya6i74F0L4ddME6oV38O0+yn9utn3HND:/YUcmL4X6oB8O0+Nt3HND

    Score
    10/10
    formbookke03ratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook payload

      rat

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks