General

  • Target

    80460-Contract Ref 2023.exe

  • Size

    814KB

  • Sample

    230327-mqjj4sda74

  • MD5

    030de17769357418013f18e0ad1b61bb

  • SHA1

    3bfd9fd82f846a73f319eb2a29f246dbf143e721

  • SHA256

    34c2526748f1214c70cbefa7e45e067e86e78c79759cafa9fdf1082795ed92bb

  • SHA512

    84f378d657e3bf30028fe4aeafea91d3da68dfe77531a10d0919dc439285633bf97914b8ec9a9f9e998c6ef3239697f43dd0e1979623017875e4906246445826

  • SSDEEP

    12288:qA53B0OKIZt8JDol8JSfyjaGClHNfUFL1FCgUoygyKIwp6DoFxVf6lzZGJhZ:qA5x8IE9olWK7G6t4jFBJIw4cMhZgD

Malware Config (extracted)

  • Family

    formbook

  • Version

    4.1

  • Campaign

    bpnw

  • Decoy (domain list from the extracted config; Formbook beacons to its decoy domains as well as the real C2, so every entry is a usable network indicator)

    subsc-music.com
    spiffyd01.buzz
    link2it.xyz
    coenst.site
    carltonautomatic.com
    argbeauty.co.uk
    tenantdfgg.click
    mammothbechtelar.com
    bekkarblogger.com
    rheamoments.com
    themagicofbedtime.com
    berksbeaconnews.com
    1stpagerealestate.com
    ammarshoes.com
    lv-newlife.com
    travelnewsbuzz.com
    promo-tv.fun
    getfreedownload.online
    al-istitmar.info
    strataclleanenergy.com
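The practical use of the extracted config above is as a blocklist and a hunting set. The script below is an added example (not part of the sandbox report): it embeds the report's hashes and decoy domains, scans a few constructed DNS log lines for queries to any config domain or its subdomains, and offers a hash lookup for files pulled from endpoints. The log format, timestamps and client addresses are invented for the illustration.

```python
"""Hunt for the Formbook sample from this report in DNS logs and files.

Added example; not part of the sandbox output. The DNS log lines and
their format are constructed for illustration.
"""
import hashlib
import re
from typing import Iterable, List, Optional, Tuple

# Hashes of the analysed sample as listed in the report.
SAMPLE_HASHES = {
    "md5": "030de17769357418013f18e0ad1b61bb",
    "sha1": "3bfd9fd82f846a73f319eb2a29f246dbf143e721",
    "sha256": "34c2526748f1214c70cbefa7e45e067e86e78c79759cafa9fdf1082795ed92bb",
}

# Domains from the extracted config. Formbook contacts the decoys as well
# as the live C2, so every entry is worth matching on.
CONFIG_DOMAINS = frozenset({
    "subsc-music.com", "spiffyd01.buzz", "link2it.xyz", "coenst.site",
    "carltonautomatic.com", "argbeauty.co.uk", "tenantdfgg.click",
    "mammothbechtelar.com", "bekkarblogger.com", "rheamoments.com",
    "themagicofbedtime.com", "berksbeaconnews.com", "1stpagerealestate.com",
    "ammarshoes.com", "lv-newlife.com", "travelnewsbuzz.com", "promo-tv.fun",
    "getfreedownload.online", "al-istitmar.info", "strataclleanenergy.com",
})


def matched_config_domain(name: str) -> Optional[str]:
    """Return the config domain that `name` equals or is a subdomain of.

    Matching walks label boundaries rather than doing a substring search, so
    a name like notargbeauty.co.uk does not match argbeauty.co.uk.
    """
    labels = name.strip().rstrip(".").lower().split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in CONFIG_DOMAINS:
            return candidate
    return None


# Constructed log format (assumption): "<timestamp> <client_ip> query <qname> <qtype>"
LOG_RE = re.compile(r"^(\S+)\s+(\S+)\s+query\s+(\S+)\s+(\S+)$")

# Constructed sample log: two hits (one via a subdomain, one with a trailing
# dot and upper case), one benign query, one near-miss that must not match.
SAMPLE_DNS_LOG = [
    "2023-03-27T10:01:02Z 10.0.0.5 query www.subsc-music.com A",
    "2023-03-27T10:01:03Z 10.0.0.5 query www.google.com A",
    "2023-03-27T10:01:04Z 10.0.0.9 query notargbeauty.co.uk A",
    "2023-03-27T10:01:05Z 10.0.0.9 query LINK2IT.XYZ. A",
]


def scan_dns_log(lines: Iterable[str]) -> List[Tuple[str, str, str, str]]:
    """Return (timestamp, client_ip, queried_name, matched_domain) per hit."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not in the expected format
        ts, client, qname, _qtype = m.groups()
        dom = matched_config_domain(qname)
        if dom:
            hits.append((ts, client, qname, dom))
    return hits


def file_hashes(data: bytes) -> dict:
    """Compute the same digests the report lists, for comparison."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def is_known_sample(data: bytes) -> bool:
    """True if `data` is byte-identical to the analysed sample (SHA-256)."""
    return file_hashes(data)["sha256"] == SAMPLE_HASHES["sha256"]


if __name__ == "__main__":
    for hit in scan_dns_log(SAMPLE_DNS_LOG):
        print("HIT", *hit)
```

Matching on label boundaries matters because Formbook config domains are often short, generic names; a naive substring check against a busy resolver log produces false positives. The SHA-256 comparison only catches this exact build; a repacked sample needs the ssdeep value or behavioural signatures from the report instead.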

Targets

    • Target

      80460-Contract Ref 2023.exe

    • Formbook

      Formbook is an information stealer: it hooks browsers and other applications to capture submitted form data, keystrokes and clipboard contents, takes screenshots, and can download and run additional payloads on command from its C2.

    • Formbook payload

    • Checks computer location settings

      Reads the country/region code configured in the registry, most likely as a geofence to avoid executing in certain countries.

    • Deletes itself

      Removes its own executable after running, a common anti-forensic step.

    • Suspicious use of SetThreadContext

      SetThreadContext redirects a thread's execution and is typically called after writing a payload into a suspended process (process hollowing/injection), a technique Formbook uses to run inside a legitimate process.

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic      Technique                      ID      Signatures
  Discovery   Query Registry                 T1012   1
  Discovery   System Information Discovery   T1082   2

Tasks