Overview

overview

10

Static

static

N5teSBoBlVySUoq.exe

windows7_x64

10

N5teSBoBlVySUoq.exe

windows10_x64

10

Resubmissions

10-08-2020 08:42

200810-12br5knqes 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    N5teSBoBlVySUoq.exe

  • Size

    501KB

  • Sample

    200810-12br5knqes

  • MD5

    6c914ab41b3b8fcd47d2b52458aa98ac

  • SHA1

    dc01e0c3bca0facd2f4838ac42b94ff0c3c88bd1

  • SHA256

    2d8474bdd8b6122aa79a3b86f729f9aa4f83a2ccf6a51ab510d753b47fc01189

  • SHA512

    44cb0d199025cbf4bc6b6fedca53bc6aed9f676c436ded8a88eefef12a846d3ed8fb612bc9713cea6a7bd2d07fac88a009e1c659379cec43aa571fa69d800984

Score
10/10
formbookevasionratspywarestealertrojan

Malware Config

Extracted

Family

formbook

C2

http://www.mansiobok.info/h8ofs/

Decoy

totum-community.com

fintechguardian.com

playwithyourkid.com

jeanstrousers.com

alimentosprobioticos.com

innovationembassies.net

qmfwig.men

choose-vida.com

mcmontagem.com

2math4all.com

ubersize.com

epicmediasv.com

kombipetektemizligi.com

provinsijawabarat.com

godhasanaddress.com

neural.link

mobiola.biz

kuckoorock.com

hideawaytrails.com

coolbrunettegirlsvideo.site

Targets

    • Target

      N5teSBoBlVySUoq.exe

    • Size

      501KB

    • MD5

      6c914ab41b3b8fcd47d2b52458aa98ac

    • SHA1

      dc01e0c3bca0facd2f4838ac42b94ff0c3c88bd1

    • SHA256

      2d8474bdd8b6122aa79a3b86f729f9aa4f83a2ccf6a51ab510d753b47fc01189

    • SHA512

      44cb0d199025cbf4bc6b6fedca53bc6aed9f676c436ded8a88eefef12a846d3ed8fb612bc9713cea6a7bd2d07fac88a009e1c659379cec43aa571fa69d800984

    Score
    10/10
    ratevasiontrojanspywarestealerformbook

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook Payload

      rat

    • Deletes itself

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks