General

  • Target

    aaca9b99719b9e0d55a48dd32f87c970fd0d079237eeb021210a275aacb95184

  • Size

    625KB

  • Sample

    240903-b17txatcjk

  • MD5

    5cda645fcb167ad95b801ef55c24aba4

  • SHA1

    b5cd4edf5d50cadfa4e7875fefa1b49487037109

  • SHA256

    aaca9b99719b9e0d55a48dd32f87c970fd0d079237eeb021210a275aacb95184

  • SHA512

    f4302a827c4322ae80ad34b3d85552ed5efffbbed1d8324593738d25f88c96291162222c17855ddf902d83fe9e4e993ca3695d14885fcb5f70812ae00ea46d92

  • SSDEEP

    12288:PMUdMC/wp6zow4RqSGL8QR042ey68hPHwnOrokutV978qSZ6b0WvCJM:3dMC/q6z4qSGo20Qy68ZHQOrKV93U60m

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    wh6a

  • Decoy

    tair-lift-42713.bond
    ventura-homes.net
    anvasbackred.shop
    icksandmore.net
    untsvilleboatrentals.net
    xyv.lat
    hbvc.xyz
    uang88-toko.xyz
    ersonalisedwrappingpaper.online
    reepoin1.buzz
    hosemansisthis.xyz
    64kyt6v.christmas
    qgbiwbk.shop
    reywolfcdn.net
    rupovvz.online
    ras-es-0.bond
    latitudinarian.world
    eamautorent.online
    rioritymarketingsolutions.world
    merican-viplata-peoplleua.world

Targets

    • Target

      BASF PETRONAS Chemicals - RFQ.exe

    • Size

      1.0MB

    • MD5

      fd400f9fdd400093e67d0692b24eca96

    • SHA1

      ef09de86c8868d634924edd815f83211a8760964

    • SHA256

      367c5877d8f75cdc6d3f42c0f5a43f37d5faa47f74ab9be2a5f508a678de65fd

    • SHA512

      37f29e4c5ccc0f59d6d0a6cbdf6be50a400946b428bc4886c6eb6be041edd14b6ed9da2e8c85addc8ec93113db7929cd4855275194d84f52e513fddf6b821f18

    • SSDEEP

      24576:gAHnh+eWsN3skA4RV1Hom2KXMmHaAQVZBUQ0Wjz5:Xh+ZkldoPK8YaAQVzUQP

    • Formbook

      Formbook is an information-stealing malware family: it harvests credentials, keystrokes and web-form data from the infected host and sends them to its command-and-control server, which it hides among a list of decoy domains such as the ones extracted above.

    • Formbook payload

    • Suspicious use of SetThreadContext
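As an added example, not part of the sandbox report and not tooling from the sandbox vendor: a small Python IOC matcher that carries the report's hashes and decoy domains as data, hashes a file on disk with the four algorithms the report lists, and flags hostnames from a DNS or proxy log that equal or sit under a listed decoy. The function names, the indicator labels and the DNS-log excerpt are assumptions constructed for this example; the hash values and decoy domains are copied exactly as the report prints them.

```python
"""IOC matcher built from the indicators in the sandbox report above.

Added example: hashes and decoy domains are copied verbatim from the report;
the indicator labels, function names and the sample DNS log are constructed.
"""
import hashlib
import sys
from typing import Dict, Iterable, List, Optional, Tuple

HASH_ALGOS = ("md5", "sha1", "sha256", "sha512")

# File-hash indicators from the report (labels are this example's own).
IOCS: Dict[str, Dict[str, str]] = {
    "sample aaca9b99 (625KB)": {
        "md5": "5cda645fcb167ad95b801ef55c24aba4",
        "sha1": "b5cd4edf5d50cadfa4e7875fefa1b49487037109",
        "sha256": "aaca9b99719b9e0d55a48dd32f87c970fd0d079237eeb021210a275aacb95184",
        "sha512": "f4302a827c4322ae80ad34b3d85552ed5efffbbed1d8324593738d25f88c96291162222c17855ddf902d83fe9e4e993ca3695d14885fcb5f70812ae00ea46d92",
    },
    "BASF PETRONAS Chemicals - RFQ.exe (1.0MB)": {
        "md5": "fd400f9fdd400093e67d0692b24eca96",
        "sha1": "ef09de86c8868d634924edd815f83211a8760964",
        "sha256": "367c5877d8f75cdc6d3f42c0f5a43f37d5faa47f74ab9be2a5f508a678de65fd",
        "sha512": "37f29e4c5ccc0f59d6d0a6cbdf6be50a400946b428bc4886c6eb6be041edd14b6ed9da2e8c85addc8ec93113db7929cd4855275194d84f52e513fddf6b821f18",
    },
}

# Decoy domains exactly as the report lists them. Formbook contacts the decoys
# as well as its real C2, so every entry is a usable network indicator.
DECOYS: List[str] = [
    "tair-lift-42713.bond", "ventura-homes.net", "anvasbackred.shop",
    "icksandmore.net", "untsvilleboatrentals.net", "xyv.lat", "hbvc.xyz",
    "uang88-toko.xyz", "ersonalisedwrappingpaper.online", "reepoin1.buzz",
    "hosemansisthis.xyz", "64kyt6v.christmas", "qgbiwbk.shop", "reywolfcdn.net",
    "rupovvz.online", "ras-es-0.bond", "latitudinarian.world",
    "eamautorent.online", "rioritymarketingsolutions.world",
    "merican-viplata-peoplleua.world",
]

# Constructed DNS-log excerpt (not from the report) to exercise the matcher.
SAMPLE_DNS_LOG = [
    "www.ventura-homes.net",   # subdomain of a listed decoy
    "myxyv.lat",               # shares a suffix with xyv.lat but is a different domain
    "hbvc.xyz.",               # trailing dot, as some resolvers log names
    "update.microsoft.com",    # benign
]


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Lowercase hex digests of data for every algorithm the report lists."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in HASH_ALGOS}


def hash_file(path: str, chunk: int = 1 << 20) -> Dict[str, str]:
    """Like hash_bytes, but streams the file so large samples stay out of RAM."""
    hashers = {algo: hashlib.new(algo) for algo in HASH_ALGOS}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def match_hashes(digests: Dict[str, str], iocs: Dict[str, Dict[str, str]] = IOCS) -> List[Tuple[str, str]]:
    """Return (indicator label, algorithm) for every digest that matches.

    All four algorithms are compared, case-insensitively, so a caller that only
    has one digest (e.g. an MD5 from a mail gateway) still gets a hit.
    """
    hits = []
    for label, known in iocs.items():
        for algo, value in known.items():
            seen = digests.get(algo)
            if seen is not None and seen.lower() == value.lower():
                hits.append((label, algo))
    return hits


def match_hostname(host: str, decoys: Iterable[str] = DECOYS) -> Optional[str]:
    """Return the listed domain that host equals or is a subdomain of, else None.

    The '.' + domain boundary stops 'myxyv.lat' from matching 'xyv.lat'.
    """
    h = host.lower().rstrip(".")
    for d in decoys:
        if h == d or h.endswith("." + d):
            return d
    return None


def scan_hostnames(hosts: Iterable[str]) -> Dict[str, str]:
    """Map each logged hostname that hits a decoy to the decoy it matched."""
    return {host: d for host in hosts if (d := match_hostname(host)) is not None}


if __name__ == "__main__":
    for path in sys.argv[1:]:
        print(path, match_hashes(hash_file(path)) or "no hash match")
    print(scan_hostnames(SAMPLE_DNS_LOG))
```

Run it with one or more file paths to compare them against the report's hashes; the SSDEEP values are not checked because fuzzy matching needs the third-party ssdeep bindings, which the script deliberately avoids so it runs offline with the standard library only.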

MITRE ATT&CK Enterprise v15

Tasks