Overview

overview

10

Static

static

1

RECIBO MTCN.exe

windows7-x64

10

RECIBO MTCN.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    RECIBO MTCN_1.rar

  • Size

    279KB

  • Sample

    230329-kr5gvshb7z

  • MD5

    fbfbcba8a1d2462e7f1f8793b6fe9178

  • SHA1

    207bf75a2b565c00602e34a476a74080019634d1

  • SHA256

    679c58fc25dfa08328646f05caf3961ce47473ed96a2afe0c1598a5379863103

  • SHA512

    820d94e84d1b23a06f779ba60caa1056d881f621a81cd41d7508a5282525d77b770174e5fd825dcff4ad8f613b1f17dad073c0f879d66416f465dee699e54ae8

  • SSDEEP

    6144:N0XHzSYSiWWe6r6HwDqyXYjyUZMnw1fsM7EBNnjZL1n8D9f:N8S3WIHyqyIZYbnlxS9f

Score
10/10
formbookke03ratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ke03

Decoy

fastartcustom.com

ikanggabus.xyz

aevum.ru

lacarretapps.com

arcaneacquisitions.net

fuulyshop.com

bloodbahis278.com

bullardrvpark.com

cowboy-hostel.xyz

empireoba.com

the-windsor-h.africa

help-desk-td.com

dofirosols.life

efefarmy.buzz

kewwrf.top

autoran.co.uk

moodysanalytics.boo

kulturemarket.com

ffwpu-kenya.com

heykon.com

Targets

    • Target

      RECIBO MTCN.exe

    • Size

      294KB

    • MD5

      9a28fed41f2ac3aff59ffdde4a752434

    • SHA1

      08c829e972d92ff9d6386c25014dcda629165ecf

    • SHA256

      29cabc4d11ff9dc55301ff8d60eb06d1e1ec9c2509910ceda522e84ab4e240f8

    • SHA512

      b602bc23d493432093d80a75812d41543f77aea591ee68472bdc7f5e9f4a867989ab09b8cd775ddae2e73585bf776c1358c70fb6aca78388c6729b56ce9e8b40

    • SSDEEP

      6144:/Ya6uP3tS22mHJp2HJpuK9dw4ax7C+nfZu5tCt4J4p5yXc/DOaK:/YY/tS2xUqKc4al3ns5ktS44YqaK

    Score
    10/10
    formbookke03ratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook payload

      rat

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks