Overview

overview

10

Static

static

3

Outstandin...nt.exe

windows7-x64

10

Outstandin...nt.exe

windows10-2004-x64

10

Outstandin...nt.exe

android-9-x86

Outstandin...nt.exe

android-10-x64

Outstandin...nt.exe

android-11-x64

Outstandin...nt.exe

macos-10.15-amd64

Outstandin...nt.exe

ubuntu-18.04-amd64

Outstandin...nt.exe

debian-9-armhf

Outstandin...nt.exe

debian-9-mips

Outstandin...nt.exe

debian-9-mipsel

Resubmissions

16-01-2025 05:38

250116-gb4nvawlan 10

16-01-2025 05:35

250116-f9228svjfx 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Outstanding payment.exe

  • Size

    821KB

  • Sample

    250116-gb4nvawlan

  • MD5

    43dc8c62e9343eb01c3ffb53390e2a55

  • SHA1

    af544600a7cba01add858593c892c58fe8d9b024

  • SHA256

    07abbe06a2d17f142846d33bda215df5b05355148c781cb9ff1c8f233f534cbc

  • SHA512

    3efe1503e46c46cb85245c9ad866a509814d5e78ac64a4c88a30513b892f6629739f9c07c551f33de4f60a7ae4fe84e05fbb67aadf0cf78c0778433c4951d2fa

  • SSDEEP

    12288:xugQMUam4GTyWXV7O2mH8pfh388BAov2Zecy8uVdUSuOGpKmW1W63PXGT:xu35nxOH8vTBAovWy8mU5fc/O

Score
10/10
formbooka03dandroiddiscoveryexecutionlinuxmacosratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

a03d

Decoy

nfluencer-marketing-13524.bond

cebepu.info

lphatechblog.xyz

haoyun.website

itiz.xyz

orld-visa-center.online

si.art

alata.xyz

mmarketing.xyz

elnqdjc.shop

ensentoto.cloud

voyagu.info

onvert.today

1fuli9902.shop

otelhafnia.info

rumpchiefofstaff.store

urvivalflashlights.shop

0090.pizza

ings-hu-13.today

oliticalpatriot.net

Targets

    • Target

      Outstanding payment.exe

    • Size

      821KB

    • MD5

      43dc8c62e9343eb01c3ffb53390e2a55

    • SHA1

      af544600a7cba01add858593c892c58fe8d9b024

    • SHA256

      07abbe06a2d17f142846d33bda215df5b05355148c781cb9ff1c8f233f534cbc

    • SHA512

      3efe1503e46c46cb85245c9ad866a509814d5e78ac64a4c88a30513b892f6629739f9c07c551f33de4f60a7ae4fe84e05fbb67aadf0cf78c0778433c4951d2fa

    • SSDEEP

      12288:xugQMUam4GTyWXV7O2mH8pfh388BAov2Zecy8uVdUSuOGpKmW1W63PXGT:xu35nxOH8vTBAovWy8mU5fc/O

    Score
    10/10
    formbooka03ddiscoveryexecutionratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook family

      formbook

    • Formbook payload

      rat

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext

    behavioral1behavioral10behavioral2behavioral3behavioral4behavioral5behavioral6behavioral7behavioral8behavioral9

MITRE ATT&CK Enterprise v15

Tasks