General

  • Target

    21052024_0325_20052024_RECIBO DE PAGO.zip

  • Size

    536KB

  • Sample

    240521-dytklsga27

  • MD5

    b947e9f3101e719b253101dd317ec70b

  • SHA1

    609552baad37be45b3717926fcdb23431acd6f57

  • SHA256

    d13847c9f9d72d5a9f8b8cf2f5cb860841e0ef97068b61d1fa3ad57d7b0e826c

  • SHA512

    f6eea0d4a4dc65cacd0c7c5bbfc27def1c6901308e6c2ec3a82bebdd99de2be58887063d5bd91e52c621c5499efa7da0e70724974488c5649568b8128f2ea79c

  • SSDEEP

    12288:om9keqYou/DQSZifgeDy1Jfk5I2C10iXFbG+01eLDttPyZFWM:j9ks7/DlIfg0QJft2e0WauttPyyM

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    gy14

  • Decoy


Targets

    • Target

      RECIBO DE PAGO.exe

    • Size

      548KB

    • MD5

      b74b83730731291a9af3bfdf0fc93376

    • SHA1

      e8813c1f378b8c4bd599003c7e4e4e67a6975c27

    • SHA256

      559b7d3cd4f753168995adb77f1f13c65e3e120aefd43a4bc931b02e05cfb389

    • SHA512

      21f618b446172ceb11b17c4b3de7c198dd3d9df963fae0c447f46172697faa78ed4abb2035ab6378e8380593a1b7152766badd25ff4b8a0dedc00186f60fd00f

    • SSDEEP

      12288:zeqUou7DQSZiPqebyTJjk5IaC50iXlbe+0tevDptPyeFWb:zQ77DlIPqeoJjtaQ0MaIptPyFb

    • Formbook

      Formbook is an information-stealing malware family that harvests credentials and other data from the infected host.

    • Formbook payload

    • Adds policy Run key to start application

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v13)

  • Execution

    Scripting: T1064 (1)

  • Persistence

    Boot or Logon Autostart Execution: T1547 (1)

    Registry Run Keys / Startup Folder: T1547.001 (1)

  • Privilege Escalation

    Boot or Logon Autostart Execution: T1547 (1)

    Registry Run Keys / Startup Folder: T1547.001 (1)

  • Defense Evasion

    Modify Registry: T1112 (2)

    Scripting: T1064 (1)

Tasks