Overview

overview

10

Static

static

3

Ordem de c...23.exe

windows7-x64

10

Ordem de c...23.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Ordem de compra confirmada OC 215 Nortaluga Lda 08082023.exe

  • Size

    806KB

  • Sample

    230809-v8wamaff3v

  • MD5

    5f41a9b656d58e1490e0689dfcbac025

  • SHA1

    4f604324498d3b23c410f50cb20f4c7d0077115d

  • SHA256

    b289fe67b0185e1ba0177f583675ce399772bf03fd813d47835c45427f71fbf0

  • SHA512

    4246060c3885ce954b70252f68d7bd293672940c75a2a3a2fed7179320256239bd2bda1daaf89ecaf8b54be89f211ce799acd41d6fd2481c2e2e6a1b3fdc5e4a

  • SSDEEP

    24576:Kik1oB0qnJjJuNXMJSCLAN548K7r26mgTlZ3:KikaBj7JYN548e26mi

Score
10/10
formbookjr22ratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

jr22

Decoy

941zhe.com

lunarportal.space

xn--osmaniyeiek-t9ab.online

trejoscar.com

nrnursery.com

quizcannot.cfd

seedstockersthailand.com

watsonwindow.com

wjfholdings.com

weziclondon.com

naruot.xyz

yeji.plus

classicmenstore.com

oharatravel.com

therapyplankits.com

keviegreshonpt.com

qdlyner.com

seithupaarungal.com

casinorates.online

8ug4as.icu

Targets

    • Target

      Ordem de compra confirmada OC 215 Nortaluga Lda 08082023.exe

    • Size

      806KB

    • MD5

      5f41a9b656d58e1490e0689dfcbac025

    • SHA1

      4f604324498d3b23c410f50cb20f4c7d0077115d

    • SHA256

      b289fe67b0185e1ba0177f583675ce399772bf03fd813d47835c45427f71fbf0

    • SHA512

      4246060c3885ce954b70252f68d7bd293672940c75a2a3a2fed7179320256239bd2bda1daaf89ecaf8b54be89f211ce799acd41d6fd2481c2e2e6a1b3fdc5e4a

    • SSDEEP

      24576:Kik1oB0qnJjJuNXMJSCLAN548K7r26mgTlZ3:KikaBj7JYN548e26mi

    Score
    10/10
    formbookjr22ratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook payload

      rat

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

1
T1053

Persistence

Scheduled Task/Job

1
T1053

Privilege Escalation

Scheduled Task/Job

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks