Overview

overview

10

Static

static

3

bankdetails.exe

windows7-x64

10

bankdetails.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bankdetails.exe.bin

  • Size

    670KB

  • Sample

    230505-xxx17aaf8v

  • MD5

    c5bfc79069cf743f50c82449ff7b597c

  • SHA1

    b7ce8cce3995ff60ca0be6ff2fad05f30cca57a7

  • SHA256

    120694aadf1eb3c014ff05aea81661da85e34080d23ee2570b98d88b504b1819

  • SHA512

    bfd19942dc549d78c26f7b3bdcc6d1b897d39bd2a34ac0b7f982f5e139e8a84c5d017d18976d1cedf37016f9d5d1d77389b8fe949730e8db94691166c904b7bd

  • SSDEEP

    12288:+Ff2iN+LwRQe3EVNyFoSfoy6zaYbtUkHTDeDXCvLMpLSt:I18Lw6jVNyFofy0btUkHPeDSja

Score
10/10
formbookgtt8ratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

gtt8

Decoy

thesuccessbot.com

rittercivil.com

jt1.fun

d365extension.com

quqoxeq.top

visittworiverswi.com

bfprotienda.com

greenhabitsph.com

ladmere.com

clockboutiques.com

minwart.xyz

xinyuejiancai.online

eggsl.com

fetchingcandles.com

skywatiniya.com

hinkley.news

realityonlineenterprises.com

teamcroissant.com

esfera-pv.ch

herdadedosmontesbastos.com

Targets

    • Target

      bankdetails.exe.bin

    • Size

      670KB

    • MD5

      c5bfc79069cf743f50c82449ff7b597c

    • SHA1

      b7ce8cce3995ff60ca0be6ff2fad05f30cca57a7

    • SHA256

      120694aadf1eb3c014ff05aea81661da85e34080d23ee2570b98d88b504b1819

    • SHA512

      bfd19942dc549d78c26f7b3bdcc6d1b897d39bd2a34ac0b7f982f5e139e8a84c5d017d18976d1cedf37016f9d5d1d77389b8fe949730e8db94691166c904b7bd

    • SSDEEP

      12288:+Ff2iN+LwRQe3EVNyFoSfoy6zaYbtUkHTDeDXCvLMpLSt:I18Lw6jVNyFofy0btUkHPeDSja

    Score
    10/10
    formbookgtt8ratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook payload

      rat

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1
T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks