Overview

overview

10

Static

static

1

ODBIÓR MTCN.exe

windows7-x64

10

ODBIÓR MTCN.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ODBIÓR MTCN.exe

  • Size

    341KB

  • Sample

    230328-q3h1wsda4t

  • MD5

    36795a69031d90410d834ad79b3c43e6

  • SHA1

    2ffcc154f19ece4f42d25f3d37fade1d7312e388

  • SHA256

    0ca1816f2c6bc6bb3e9dc4f32b36211472bf4d737d561e9c0a2d67ad38f474a2

  • SHA512

    f745df8db8ddbbc0658ee29cf420c5d5e8773be3a13fc1f055dc222d2f937f251a99db1477982594edbdc78d0decb8d8c9f5aa1feefbbe67a372979273c52882

  • SSDEEP

    6144:/Ya6OjgM/tPAQTVtnJJgl1wPUOCDpTzt9FD4QbCZv1bfJqy1z2Ek9gqCiGw:/YI0M/JrWiPiTz9UrZZKEMgQGw

Score
10/10
formbookke03ratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ke03

Decoy

fastartcustom.com

ikanggabus.xyz

aevum.ru

lacarretapps.com

arcaneacquisitions.net

fuulyshop.com

bloodbahis278.com

bullardrvpark.com

cowboy-hostel.xyz

empireoba.com

the-windsor-h.africa

help-desk-td.com

dofirosols.life

efefarmy.buzz

kewwrf.top

autoran.co.uk

moodysanalytics.boo

kulturemarket.com

ffwpu-kenya.com

heykon.com

Targets

    • Target

      ODBIÓR MTCN.exe

    • Size

      341KB

    • MD5

      36795a69031d90410d834ad79b3c43e6

    • SHA1

      2ffcc154f19ece4f42d25f3d37fade1d7312e388

    • SHA256

      0ca1816f2c6bc6bb3e9dc4f32b36211472bf4d737d561e9c0a2d67ad38f474a2

    • SHA512

      f745df8db8ddbbc0658ee29cf420c5d5e8773be3a13fc1f055dc222d2f937f251a99db1477982594edbdc78d0decb8d8c9f5aa1feefbbe67a372979273c52882

    • SSDEEP

      6144:/Ya6OjgM/tPAQTVtnJJgl1wPUOCDpTzt9FD4QbCZv1bfJqy1z2Ek9gqCiGw:/YI0M/JrWiPiTz9UrZZKEMgQGw

    Score
    10/10
    formbookke03ratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook payload

      rat

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks