Overview

overview

10

Static

static

1

ODBIÓR MTCN.exe

windows7-x64

10

ODBIÓR MTCN.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    RECIBO MTCN_1.rar

  • Size

    326KB

  • Sample

    230327-l3c3escg99

  • MD5

    e9286af0e6c41541277a9c7c6f0ad36f

  • SHA1

    affb9d957206ee64a70f17a7045616a629b8da71

  • SHA256

    cd441b4c9815a2a8c3b5851ecd25c21e174dc34f5ea19c3d1cc6c86e7c70ed51

  • SHA512

    983ca53125d9f5b616f31a658b4a612d786d0a827ebf2af18c3ac71a69d2289b576593b95c2aa943df30a148e5fba1f39eb7b232d36664f0ebfadbe0b146300f

  • SSDEEP

    6144:IdlwBGFn7s7hisY9QfeopCUhqvYoUp0iAeg+hvj+FOs8ZkDOGqO34nu:2wBGFnqhiy2ECVxZnNUr+IODOGhl

Score
10/10
formbookke03ratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ke03

Decoy

fastartcustom.com

ikanggabus.xyz

aevum.ru

lacarretapps.com

arcaneacquisitions.net

fuulyshop.com

bloodbahis278.com

bullardrvpark.com

cowboy-hostel.xyz

empireoba.com

the-windsor-h.africa

help-desk-td.com

dofirosols.life

efefarmy.buzz

kewwrf.top

autoran.co.uk

moodysanalytics.boo

kulturemarket.com

ffwpu-kenya.com

heykon.com

Targets

    • Target

      ODBIÓR MTCN.exe

    • Size

      341KB

    • MD5

      36795a69031d90410d834ad79b3c43e6

    • SHA1

      2ffcc154f19ece4f42d25f3d37fade1d7312e388

    • SHA256

      0ca1816f2c6bc6bb3e9dc4f32b36211472bf4d737d561e9c0a2d67ad38f474a2

    • SHA512

      f745df8db8ddbbc0658ee29cf420c5d5e8773be3a13fc1f055dc222d2f937f251a99db1477982594edbdc78d0decb8d8c9f5aa1feefbbe67a372979273c52882

    • SSDEEP

      6144:/Ya6OjgM/tPAQTVtnJJgl1wPUOCDpTzt9FD4QbCZv1bfJqy1z2Ek9gqCiGw:/YI0M/JrWiPiTz9UrZZKEMgQGw

    Score
    10/10
    formbookke03ratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook payload

      rat

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks