General

  • Target: Payment Utr Copy.exe
  • Size: 875KB
  • Sample: 230510-qnx69sgb94
  • MD5: 0a0a483d55322204ce0c960af3ed5cdc
  • SHA1: e0ee65052e3ff42cd3cfeb798dee85d25376b013
  • SHA256: a1a882d7abefdec8678649330339a2f080a777450da1be5110b88e81a8ea38cc
  • SHA512: 45c28282743ac15e0e31208776c60860eebb0abc8a5d178505f84f141ca1a63aa2012d6cd50d09752e622b67195f1bfb2a0f10b6432d0950d2ac1651fddf7ca7
  • SSDEEP: 12288:TNU42rcBqZfOtXyWqeufFdFu+5NUAVKlylMH9rhFrWC4l5Zm:TL2rGIqXofFdZ5FVp+KC4l5Zm

Malware Config

Extracted

  • Family: formbook
  • Version: 4.1
  • Campaign: gtt8

Decoy


Targets

    • Target: Payment Utr Copy.exe
    • Size: 875KB
    • MD5: 0a0a483d55322204ce0c960af3ed5cdc
    • SHA1: e0ee65052e3ff42cd3cfeb798dee85d25376b013
    • SHA256: a1a882d7abefdec8678649330339a2f080a777450da1be5110b88e81a8ea38cc
    • SHA512: 45c28282743ac15e0e31208776c60860eebb0abc8a5d178505f84f141ca1a63aa2012d6cd50d09752e622b67195f1bfb2a0f10b6432d0950d2ac1651fddf7ca7
    • SSDEEP: 12288:TNU42rcBqZfOtXyWqeufFdFu+5NUAVKlylMH9rhFrWC4l5Zm:TL2rGIqXofFdZ5FVp+KC4l5Zm

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook payload

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks