Overview

overview

10

Static

static

3

Invoice copy.pdf.exe

windows7-x64

10

Invoice copy.pdf.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Invoice copy.pdf.exe

  • Size

    608KB

  • Sample

    240418-hj8s7sfc5v

  • MD5

    49e038fcffc683c025060ca5610e0ad3

  • SHA1

    20007286f125b0f2dbd097000c1c3cd014372d1e

  • SHA256

    37fd7b8035bd49b8dfad405a793428dda8cbf623de0133818756d05a1191d8b7

  • SHA512

    18656778b3924b0eb02547d32bbf8949cda4b7734b2c94f95a1117f75bdc526d58bdec344bcfeff94ba14cfbe6bd2fa919288eecccb0d1d62d0b54a16384926f

  • SSDEEP

    12288:7WkV9mUBhIooC3jjSc6bun4f8vNN3JRSA/DGzf9JEMWI:7WkV9mGuqzjSc6bkzN5RL/Ub9

Score
10/10
formbookfs83ratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

fs83

Decoy

blastol.space

tomwalkerisfalco.com

us-sumatrraslimbellytonic.com

drywallandpaintingservice.com

vntapp.net

passportpages.site

at-mim.com

yeondagoods.com

teomanyildirim.com

paygame.site

senze.art

alhandco.com

9831bsej.xyz

traumatic.xyz

sos-soutien.com

thetechnolgy.live

washing-machine-46612.bond

marvsneakers.com

shequbaike.net

xc4f35fg4h35fg4h53.top

Targets

    • Target

      Invoice copy.pdf.exe

    • Size

      608KB

    • MD5

      49e038fcffc683c025060ca5610e0ad3

    • SHA1

      20007286f125b0f2dbd097000c1c3cd014372d1e

    • SHA256

      37fd7b8035bd49b8dfad405a793428dda8cbf623de0133818756d05a1191d8b7

    • SHA512

      18656778b3924b0eb02547d32bbf8949cda4b7734b2c94f95a1117f75bdc526d58bdec344bcfeff94ba14cfbe6bd2fa919288eecccb0d1d62d0b54a16384926f

    • SSDEEP

      12288:7WkV9mUBhIooC3jjSc6bun4f8vNN3JRSA/DGzf9JEMWI:7WkV9mGuqzjSc6bkzN5RL/Ub9

    Score
    10/10
    formbookfs83ratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook payload

      rat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks