General

  • Target

    SecuriteInfo.com.Variant.Bulz.229258.13751.2423

  • Size

    1.1MB

  • Sample

    201125-vvlb1dqvc6

  • MD5

    38277d6e24f7210e5b8d77a337ae51d1

  • SHA1

    b31a7b97f75c7f296bef9eb6d5c2a585bf1d802d

  • SHA256

    9728048925e7faf422c4d7bacfaa90fae8bdcc9efad8a0868b456f3d4b213d09

  • SHA512

    cac75de9024dae4ee011e7957cb410ee8e79550aa37ae184371884a6495e2dd90cc1448a9248dd5ef3e7090288c3cdb5696c99dc433e42a375eaabbf0c9827f7

Malware Config

Extracted

Family

formbook

C2

http://www.mommabearmoney.com/et2d/

Decoy

wcaconline.com

travelbackpackss.com

ao-m-nishinomiya.com

tilania.com

vegbydesign.net

mybabysisterscloset.com

sanctitude-cuspidated.com

russtybeats.com

dichvubangchuan.com

su-seikatu.info

eratosantorini.com

ninetofivemama.com

delishany.com

pawchamamapet.net

nissicloud.com

strictlyotaku.net

kissmanga.pro

appalachianfx.com

aralending.com

forbrighterlife.com
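The extracted config above is what a responder actually works from: one live C2 (domain plus URI path) and a list of decoy domains. The decoys are legitimate sites, so blocklisting them generates false positives; the high-confidence indicator is the URI path, which Formbook also uses when it beacons to the decoys (documented in public Formbook analyses; the report itself only labels which domain is live). The script below is an added example, not part of the sandbox output: it verifies that a local file is the reported sample (all four hashes, not just the MD5) and then classifies URLs from a proxy log against the config with that C2/decoy distinction. The proxy log lines and source IPs are constructed for the example.

```python
"""Triage helper for the Formbook report above (added example, not part of the
original sandbox output). The proxy log at the bottom is constructed."""
import hashlib
from typing import List, Optional, Set, Tuple
from urllib.parse import urlparse

# Indicators copied from the report above.
REPORT_HASHES = {
    "md5": "38277d6e24f7210e5b8d77a337ae51d1",
    "sha1": "b31a7b97f75c7f296bef9eb6d5c2a585bf1d802d",
    "sha256": "9728048925e7faf422c4d7bacfaa90fae8bdcc9efad8a0868b456f3d4b213d09",
    "sha512": "cac75de9024dae4ee011e7957cb410ee8e79550aa37ae184371884a6495e2dd9"
              "0cc1448a9248dd5ef3e7090288c3cdb5696c99dc433e42a375eaabbf0c9827f7",
}
C2_URL = "http://www.mommabearmoney.com/et2d/"
DECOY_DOMAINS = {
    "wcaconline.com", "travelbackpackss.com", "ao-m-nishinomiya.com",
    "tilania.com", "vegbydesign.net", "mybabysisterscloset.com",
    "sanctitude-cuspidated.com", "russtybeats.com", "dichvubangchuan.com",
    "su-seikatu.info", "eratosantorini.com", "ninetofivemama.com",
    "delishany.com", "pawchamamapet.net", "nissicloud.com",
    "strictlyotaku.net", "kissmanga.pro", "appalachianfx.com",
    "aralending.com", "forbrighterlife.com",
}


def _host(name: str) -> str:
    """Normalise a hostname: lowercase, no trailing dot, no leading 'www.'."""
    name = name.lower().rstrip(".")
    return name[4:] if name.startswith("www.") else name


_C2 = urlparse(C2_URL)
C2_HOST = _host(_C2.hostname)   # "mommabearmoney.com"
C2_PATH = _C2.path              # "/et2d/"


def verify_sample(data: bytes) -> dict:
    """Compare every digest in the report against the file contents given."""
    return {algo: hashlib.new(algo, data).hexdigest() == digest
            for algo, digest in REPORT_HASHES.items()}


def is_reported_sample(data: bytes) -> bool:
    """True only if all four digests match (rejects truncated/tampered copies)."""
    return all(verify_sample(data).values())


def classify_request(url: str) -> Optional[Tuple[str, str]]:
    """Return (verdict, confidence) for one URL, or None if it is out of scope.

    host == C2 and path == config path   -> live C2 beacon (high)
    host in decoys and path == config path -> beacon to a decoy (high): the
        decoy is innocent, but the client sending it is infected
    host in decoys, any other path       -> ordinary traffic to a real site (low)
    config path on an unlisted host      -> possibly another config (low)
    """
    parsed = urlparse(url)
    if not parsed.hostname:
        return None
    host = _host(parsed.hostname)
    path_hit = parsed.path.startswith(C2_PATH)
    if host == C2_HOST:
        return ("c2-beacon", "high") if path_hit else ("c2-domain", "medium")
    if host in DECOY_DOMAINS:
        return ("decoy-beacon", "high") if path_hit else ("decoy-domain", "low")
    if path_hit:
        return ("path-only", "low")
    return None


def scan_proxy_log(text: str) -> List[tuple]:
    """Parse 'timestamp src_ip method url status' lines and return the hits
    as (line_no, src_ip, url, verdict, confidence)."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if len(fields) < 5:
            continue  # malformed line; skip rather than guess
        verdict = classify_request(fields[3])
        if verdict:
            hits.append((lineno, fields[1], fields[3], *verdict))
    return hits


def infected_hosts(hits: List[tuple]) -> Set[str]:
    """Source IPs with at least one high-confidence hit."""
    return {h[1] for h in hits if h[4] == "high"}


# Constructed proxy log for the example; not from the sandbox run.
PROXY_LOG = """\
2020-11-25T10:01:02Z 10.0.0.15 GET http://www.mommabearmoney.com/et2d/?xy=abc123 200
2020-11-25T10:01:05Z 10.0.0.15 POST http://www.tilania.com/et2d/ 404
2020-11-25T10:02:10Z 10.0.0.22 GET https://kissmanga.pro/ 200
2020-11-25T10:03:00Z 10.0.0.15 GET http://mommabearmoney.com/ 200
2020-11-25T10:04:00Z 10.0.0.30 GET https://example.net/et2d/ 200
2020-11-25T10:05:00Z 10.0.0.30 GET https://example.net/ 200
"""

if __name__ == "__main__":
    found = scan_proxy_log(PROXY_LOG)
    for hit in found:
        print(hit)
    print("likely infected:", sorted(infected_hosts(found)))
```

Only 10.0.0.15 comes out as infected: it beaconed to the live C2 and to a decoy with the config path. The browse to kissmanga.pro without the path is reported at low confidence so an analyst sees it but nothing blocks it.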

Targets

    • Target

      SecuriteInfo.com.Variant.Bulz.229258.13751.2423

    • Size

      1.1MB

    • MD5

      38277d6e24f7210e5b8d77a337ae51d1

    • SHA1

      b31a7b97f75c7f296bef9eb6d5c2a585bf1d802d

    • SHA256

      9728048925e7faf422c4d7bacfaa90fae8bdcc9efad8a0868b456f3d4b213d09

    • SHA512

      cac75de9024dae4ee011e7957cb410ee8e79550aa37ae184371884a6495e2dd90cc1448a9248dd5ef3e7090288c3cdb5696c99dc433e42a375eaabbf0c9827f7

    • Formbook

      Formbook is an information stealer sold as malware-as-a-service. It grabs credentials and form data from browsers and mail clients, logs keystrokes, captures clipboard contents and screenshots, and can download and run additional payloads on instruction from its C2.

    • Formbook Payload

    • Suspicious use of SetThreadContext
