Overview

overview

10

Static

static

3

Statement ...nt.exe

windows7-x64

10

Statement ...nt.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Statement Of Account.exe

  • Size

    772KB

  • Sample

    240423-t8y6vaaa44

  • MD5

    da68e8ff4e0c0d00c613fa9301cf4a37

  • SHA1

    7456cf2540dce6403407b532c502ce5abb07e9ec

  • SHA256

    b7def3af905789a4ecedcc226d91592d8bc758ce8c5458d62ef435707de8670f

  • SHA512

    3ac31e76311ad1acec983dedb6f2142471a6225bb279a5c9425fd75a15971d2e635ec4d7dfc8a060b1d647ef67d168504452a4acf4500047f31c63c932de99f6

  • SSDEEP

    12288:xSNhWU2EOum32U5Gt68PG+SAJYyEQzHmt5xCohEotOJ6E+L+BtN:xSLrvUGt07MY9xCohEl8LaN

Score
10/10
formbookgs12ratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

gs12

Decoy

juniavilela.com

italiahealth.club

freefoodpro.com

qqmotor.co

mosahacatering.com

wocc.club

tourly360.com

airzf.com

eternalknot1008.com

pons.cc

zdryueva.com

bodution.website

vip8g100013.top

3box.club

bestoffersinoneplace.com

tronbank.club

hlysh.live

allfireofferapp.sbs

goldenvistaservices.com

theconfidencebl-youprint.com

Targets

    • Target

      Statement Of Account.exe

    • Size

      772KB

    • MD5

      da68e8ff4e0c0d00c613fa9301cf4a37

    • SHA1

      7456cf2540dce6403407b532c502ce5abb07e9ec

    • SHA256

      b7def3af905789a4ecedcc226d91592d8bc758ce8c5458d62ef435707de8670f

    • SHA512

      3ac31e76311ad1acec983dedb6f2142471a6225bb279a5c9425fd75a15971d2e635ec4d7dfc8a060b1d647ef67d168504452a4acf4500047f31c63c932de99f6

    • SSDEEP

      12288:xSNhWU2EOum32U5Gt68PG+SAJYyEQzHmt5xCohEotOJ6E+L+BtN:xSLrvUGt07MY9xCohEl8LaN

    Score
    10/10
    formbookgs12ratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook payload

      rat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

1
T1053

Command and Scripting Interpreter

1
T1059

Persistence

Scheduled Task/Job

1
T1053

Privilege Escalation

Scheduled Task/Job

1
T1053

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

3
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks