Overview

overview

10

Static

static

1

E-dekont.pdf.exe

windows7-x64

10

E-dekont.pdf.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    E-dekont.pdf.exe

  • Size

    259KB

  • Sample

    230323-h931msgb9z

  • MD5

    d40c752afda958acd686a4cdc7d6ae9f

  • SHA1

    026b08860087225aef946bf2d57659c9fb839287

  • SHA256

    60d85cc9cdf5ea1c43d698843974eb8ed2a5acb05443ab1a0d24e237438a5b7b

  • SHA512

    eb22b3267fe94bfb866a5293877a4100e7f4dd5825cec2ad1875b33e5d711eb4a4258e27ae73e7df28d38a687e372163013c6a41437f7b2e5ae676aa2569e811

  • SSDEEP

    6144:PYa6FB67K+gdNGetVdBOrpZWcTUDMDJ+p5lAlnTnc4gexmTnQvx:PYPBKK+ylrCpZWdADJYalTxx

Score
10/10
formbookme29ratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

me29

Decoy

borne-selfie-valence.com

erccore.com

fontebono.com

58619.se

smartmetersystems.co.uk

defrag.team

az-architecture.com

healingthehoard.com

eqde.ru

kingsedubd.com

hoibeebu.net

findbesthomesolution.com

dinkdfw.com

alfa-outlet.com

claritybiometrics.video

lewshopok.cfd

crofton77.online

assetzstat.info

indianhillsequine.com

vetsclosetomylocation.com

Targets

    • Target

      E-dekont.pdf.exe

    • Size

      259KB

    • MD5

      d40c752afda958acd686a4cdc7d6ae9f

    • SHA1

      026b08860087225aef946bf2d57659c9fb839287

    • SHA256

      60d85cc9cdf5ea1c43d698843974eb8ed2a5acb05443ab1a0d24e237438a5b7b

    • SHA512

      eb22b3267fe94bfb866a5293877a4100e7f4dd5825cec2ad1875b33e5d711eb4a4258e27ae73e7df28d38a687e372163013c6a41437f7b2e5ae676aa2569e811

    • SSDEEP

      6144:PYa6FB67K+gdNGetVdBOrpZWcTUDMDJ+p5lAlnTnc4gexmTnQvx:PYPBKK+ylrCpZWdADJYalTxx

    Score
    10/10
    formbookme29ratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook payload

      rat

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks