General

  • Target

    payment.exe

  • Size

    770KB

  • Sample

    230516-zqz83sce84

  • MD5

    844d534ed53e2ce289e54680908762f1

  • SHA1

    6c44532a512b208454e7f9c95c4e7bcd3acccd29

  • SHA256

    74ed6e04325307fef674714dbd65803fe7a4d5d784522c7b65cf5f9953b2042c

  • SHA512

    17a2e3bdd0cf7c30a5e08b44e1e3b17d21281f41ebdfb1967935d54c237c18c1eb11f75304bed66c1037b2417f913c56fc709d0e8b72124f66c1c211931178bd

  • SSDEEP

    12288:UfgZMSljShyNfDr40tw9TcXCN0nlE2pYUXcjSVub:IgZjIcDE0tw9T5IlE2eUXckub

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

m82

Decoy

jamesdevereux.com

artificialturfminneapolis.com

hongmeiyan.com

lojaderoupasbr.com

yit.africa

austinrelocationexpert.com

saiva.page

exitsategy.com

chochonux.com

klosterbraeu-unterliezheim.com

byseymanur.com

sblwarwickshire.co.uk

brazimaid.com

ciogame.com

bronzesailing.com

dwkapl.xyz

022dyd.com

compassandpathwriting.com

alphabet1x.com

selfcleaninghairbrush.co.uk
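The hashes and the decoy list above are the two things an analyst actually uses from this report: the hashes to confirm that a file found on a host is this sample, and the decoy domains to hunt for its beaconing in DNS or proxy logs. The following is an added example (not part of the sandbox report and not Formbook's or Tria.ge's code) that does both. It copies the published hash values and decoy domains verbatim and assumes a constructed DNS log line format of the form `client=<ip> query=<host>`; the log lines in `SAMPLE_LOG` are constructed for illustration. The domain check matches a query only when it equals a decoy or is a subdomain of it, because a plain suffix comparison would also flag unrelated hosts such as `notexitsategy.com`.

```python
import hashlib
import re
from collections import defaultdict

# Hash values as published in the report for payment.exe (Formbook 4.1, campaign m82).
EXPECTED_HASHES = {
    "md5": "844d534ed53e2ce289e54680908762f1",
    "sha1": "6c44532a512b208454e7f9c95c4e7bcd3acccd29",
    "sha256": "74ed6e04325307fef674714dbd65803fe7a4d5d784522c7b65cf5f9953b2042c",
    "sha512": "17a2e3bdd0cf7c30a5e08b44e1e3b17d21281f41ebdfb1967935d54c237c18c1"
              "eb11f75304bed66c1037b2417f913c56fc709d0e8b72124f66c1c211931178bd",
}

# Decoy domains extracted from the sample's configuration, as listed in the report.
DECOY_DOMAINS = [
    "jamesdevereux.com", "artificialturfminneapolis.com", "hongmeiyan.com",
    "lojaderoupasbr.com", "yit.africa", "austinrelocationexpert.com", "saiva.page",
    "exitsategy.com", "chochonux.com", "klosterbraeu-unterliezheim.com",
    "byseymanur.com", "sblwarwickshire.co.uk", "brazimaid.com", "ciogame.com",
    "bronzesailing.com", "dwkapl.xyz", "022dyd.com", "compassandpathwriting.com",
    "alphabet1x.com", "selfcleaninghairbrush.co.uk",
]


def digests(data: bytes) -> dict:
    """Compute every digest type the report publishes for the given bytes."""
    return {name: hashlib.new(name, data).hexdigest() for name in EXPECTED_HASHES}


def verify_hashes(data: bytes, expected: dict = EXPECTED_HASHES) -> dict:
    """Per-algorithm comparison of the file's digests against the expected ones."""
    actual = digests(data)
    return {name: actual[name] == value.lower() for name, value in expected.items()}


def is_sample(data: bytes) -> bool:
    """True only if every published hash matches; a single mismatch means a different file."""
    return all(verify_hashes(data).values())


def host_matches(host: str, domain: str) -> bool:
    """Exact or subdomain match; avoids the suffix false positive of endswith(domain)."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


# Assumed (constructed) DNS log format: "... client=<ip> query=<host> ..."
_QUERY_RE = re.compile(r"client=(\S+)\s+query=(\S+)")


def scan_dns_log(lines, decoys=DECOY_DOMAINS) -> dict:
    """Map each client IP to the sorted list of decoy domains it queried."""
    hits = defaultdict(set)
    for line in lines:
        m = _QUERY_RE.search(line)
        if not m:
            continue
        client, host = m.group(1), m.group(2)
        for domain in decoys:
            if host_matches(host, domain):
                hits[client].add(domain)
    return {client: sorted(domains) for client, domains in hits.items()}


def suspect_clients(hits: dict, threshold: int = 2) -> list:
    """Clients that touched several listed domains. Decoys can be legitimate sites,
    so one hit is weak evidence; several from one host is the Formbook pattern."""
    return sorted(c for c, domains in hits.items() if len(domains) >= threshold)


# Constructed sample log lines (not real telemetry).
SAMPLE_LOG = [
    "2023-05-16T09:41:02Z client=10.0.0.5 query=jamesdevereux.com type=A",
    "2023-05-16T09:41:03Z client=10.0.0.5 query=www.yit.africa type=A",
    "2023-05-16T09:41:04Z client=10.0.0.7 query=update.microsoft.com type=A",
    "2023-05-16T09:41:05Z client=10.0.0.5 query=notexitsategy.com type=A",
    "2023-05-16T09:41:06Z client=10.0.0.7 query=brazimaid.com type=A",
]

if __name__ == "__main__":
    hits = scan_dns_log(SAMPLE_LOG)
    for client, domains in hits.items():
        print(client, domains)
    print("suspect:", suspect_clients(hits))
    print("is_sample(placeholder bytes):", is_sample(b"not the real payment.exe"))
```

To check a real file, read it in binary and pass the bytes to `is_sample`; the per-algorithm result from `verify_hashes` is useful when only one hash type is available from the alerting source.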

Targets

    • Target

      payment.exe


    • Formbook

      Formbook is an information-stealing malware family: it captures keystrokes, harvests credentials and form data from browsers and other applications, and exfiltrates them over HTTP to a command-and-control server hidden among the decoy domains in its configuration.

    • Formbook payload

    • Suspicious use of SetThreadContext
