Overview

overview

10

Static

static

1

RECIBO MTCN.exe

windows7-x64

10

RECIBO MTCN.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    RECIBO MTCN.exe

  • Size

    294KB

  • Sample

    230328-w4bwvsce39

  • MD5

    9a28fed41f2ac3aff59ffdde4a752434

  • SHA1

    08c829e972d92ff9d6386c25014dcda629165ecf

  • SHA256

    29cabc4d11ff9dc55301ff8d60eb06d1e1ec9c2509910ceda522e84ab4e240f8

  • SHA512

    b602bc23d493432093d80a75812d41543f77aea591ee68472bdc7f5e9f4a867989ab09b8cd775ddae2e73585bf776c1358c70fb6aca78388c6729b56ce9e8b40

  • SSDEEP

    6144:/Ya6uP3tS22mHJp2HJpuK9dw4ax7C+nfZu5tCt4J4p5yXc/DOaK:/YY/tS2xUqKc4al3ns5ktS44YqaK

Score
10/10
formbookke03ratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ke03

Decoy

fastartcustom.com

ikanggabus.xyz

aevum.ru

lacarretapps.com

arcaneacquisitions.net

fuulyshop.com

bloodbahis278.com

bullardrvpark.com

cowboy-hostel.xyz

empireoba.com

the-windsor-h.africa

help-desk-td.com

dofirosols.life

efefarmy.buzz

kewwrf.top

autoran.co.uk

moodysanalytics.boo

kulturemarket.com

ffwpu-kenya.com

heykon.com

Targets

    • Target

      RECIBO MTCN.exe

    • Size

      294KB

    • MD5

      9a28fed41f2ac3aff59ffdde4a752434

    • SHA1

      08c829e972d92ff9d6386c25014dcda629165ecf

    • SHA256

      29cabc4d11ff9dc55301ff8d60eb06d1e1ec9c2509910ceda522e84ab4e240f8

    • SHA512

      b602bc23d493432093d80a75812d41543f77aea591ee68472bdc7f5e9f4a867989ab09b8cd775ddae2e73585bf776c1358c70fb6aca78388c6729b56ce9e8b40

    • SSDEEP

      6144:/Ya6uP3tS22mHJp2HJpuK9dw4ax7C+nfZu5tCt4J4p5yXc/DOaK:/YY/tS2xUqKc4al3ns5ktS44YqaK

    Score
    10/10
    formbookke03ratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook payload

      rat

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks