General

  • Target

    Purchase Order.exe

  • Size

    681KB

  • Sample

    230516-k3dhhscb32

  • MD5

    fc56d2bc4fc963da5a949a38141bc549

  • SHA1

    935336343125c22aa3227c26fb9014ae6576da61

  • SHA256

    7af072164e5fc3c39c58fe100e422e079c2b98ab185065962569ac8b12c7517c

  • SHA512

    eab80c860eac505412486f46157cdeccb98a56c7f6a73730fe436cca0cef4bae31bad8cfb6f3097f361428dd05508fa1d9640a32f2c0932c6843ad00acdd2d42

  • SSDEEP

    12288:VysSrNXgXKcYQcIMQWytGtgZCItzqxVlHeU9MbnpHoc+:gNaK3TvsCgZCIwxbtMbh

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

m82

Decoy (Formbook's configuration carries a list of mostly legitimate domains that the implant contacts as cover traffic, with the real C2 host mixed among them; treat these as low-confidence indicators for correlation rather than blocking the whole list)

jamesdevereux.com

artificialturfminneapolis.com

hongmeiyan.com

lojaderoupasbr.com

yit.africa

austinrelocationexpert.com

saiva.page

exitsategy.com

chochonux.com

klosterbraeu-unterliezheim.com

byseymanur.com

sblwarwickshire.co.uk

brazimaid.com

ciogame.com

bronzesailing.com

dwkapl.xyz

022dyd.com

compassandpathwriting.com

alphabet1x.com

selfcleaninghairbrush.co.uk

Targets

    • Target

      Purchase Order.exe

    • Formbook

      Formbook is an information-stealing malware (form grabber) that harvests credentials and submitted form data from web browsers and email clients, logs keystrokes, captures screenshots and can download and execute additional payloads, reporting to a C2 server hidden among its list of decoy domains.

    • Formbook payload

    • Suspicious use of SetThreadContext (the API sequence used for process hollowing: a legitimate process is created suspended, its memory is overwritten with the payload, and its main thread's instruction pointer is redirected with SetThreadContext before ResumeThread)
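The signature above is a behavioural one, so a practitioner usually wants the same heuristic in their own API-monitor or EDR telemetry. The script below is an added example, not part of the sandbox report or of Formbook: it walks a per-process API trace and raises an alert only when a child was created with CREATE_SUSPENDED, had memory written into it, had a thread context set, and was then resumed. The trace lines and their key=value format are constructed for this example; a real monitor's field names will differ.

```python
"""
Heuristic detection of the process-hollowing API sequence behind the
"Suspicious use of SetThreadContext" signature.

Added example (not from the sandbox report).  The trace below is
constructed for illustration; the key=value line format is an assumption.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# dwCreationFlags bit for CreateProcess* that starts the primary thread suspended.
CREATE_SUSPENDED = 0x00000004

# Constructed API-monitor trace: one call per line, parent pid first.
# First block is a hollowing sequence; second is a debugger-style
# SetThreadContext on a normally started child (should not alert).
SAMPLE_TRACE = """\
pid=4120 api=CreateProcessW target=C:\\Windows\\SysWOW64\\svchost.exe flags=0x4 child=4388
pid=4120 api=VirtualAllocEx child=4388 size=0x2a000
pid=4120 api=WriteProcessMemory child=4388 size=0x29c00
pid=4120 api=GetThreadContext child=4388
pid=4120 api=SetThreadContext child=4388
pid=4120 api=ResumeThread child=4388
pid=5012 api=CreateProcessW target=C:\\Windows\\System32\\notepad.exe flags=0x0 child=5100
pid=5012 api=SetThreadContext child=5100
pid=5012 api=ResumeThread child=5100
"""

FIELD_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line: str) -> dict:
    """Turn 'k=v k=v ...' into a dict; unknown lines yield an empty dict."""
    return dict(FIELD_RE.findall(line))


@dataclass
class ChildState:
    """What the parent has done to one child process so far."""
    parent: int
    image: str
    suspended: bool = False
    wrote_memory: bool = False
    set_context: bool = False


def detect_hollowing(trace: str) -> list:
    """Return one alert dict per child that completes the full hollowing chain."""
    children: dict = {}
    alerts: list = []
    for raw in trace.splitlines():
        ev = parse_line(raw)
        if "api" not in ev or "pid" not in ev:
            continue
        pid, api = int(ev["pid"]), ev["api"]

        if api in ("CreateProcessA", "CreateProcessW", "CreateProcessInternalW"):
            child = int(ev["child"])
            flags = int(ev.get("flags", "0"), 16)
            children[child] = ChildState(
                parent=pid,
                image=ev.get("target", "?"),
                suspended=bool(flags & CREATE_SUSPENDED),
            )
            continue

        st = children.get(int(ev.get("child", pid)))
        if st is None:
            continue  # call not aimed at a child we are tracking
        if api == "WriteProcessMemory":
            st.wrote_memory = True
        elif api == "SetThreadContext":
            st.set_context = True
        elif api == "ResumeThread":
            # Only the complete chain is reported; SetThreadContext alone is
            # also used legitimately by debuggers and some runtimes.
            if st.suspended and st.wrote_memory and st.set_context:
                alerts.append({"parent": st.parent, "child": int(ev.get("child", pid)),
                               "image": st.image, "technique": "process hollowing"})
    return alerts


if __name__ == "__main__":
    for alert in detect_hollowing(SAMPLE_TRACE):
        print(alert)
```

The chain is deliberately strict: the second constructed sequence sets a thread context on a child that was never suspended or written to, so it produces no alert. If your telemetry cannot attribute WriteProcessMemory to a target pid, loosen that condition but expect noise from installers and software protectors.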
