Overview

overview

10

Static

static

10

Listings.exe

windows7_x64

10

Listings.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Listings.exe

  • Size

    1.0MB

  • Sample

    210112-pkbmqp31ya

  • MD5

    8e52804cdbda6301ebcc8305e29a7adb

  • SHA1

    08a307e9beac8a1d92bf0f48b61e3d4cbf00bae1

  • SHA256

    64ec03c92b5fbbb63420e370ff8f879454ddd61c88f3ff41e2f5ce09eabab5f2

  • SHA512

    294156442c6bd4a3d782c07070088fcd901b26b4bceac439c5d77d21f5028548b53f5aaf9c7f75eda78e8856a92c6a2e994b4c29965a4597a69ad4b29e18a745

Score
10/10
formbookmodiloaderpersistenceratspywarestealertrojan

Malware Config

Extracted

Family

formbook

C2

http://www.xn--fteagency-l4a.com/kta/

Decoy

westside-protection.com

masurparty.com

empreendendonlline.com

tldojj.com

aboveground.farm

a5malaysia.com

guchuanjiu.com

freshdogsfood.com

wownewsclub.icu

rosanegarcia.com

hairstyletrending.com

myworld4shop.com

studioexplit.com

rivercityelec.com

andreahendersonrealty.com

matsallen.com

kaeclothingco.com

physicshut.com

tianwz.com

pcstrategies.com

Targets

    • Target

      Listings.exe

    • Size

      1.0MB

    • MD5

      8e52804cdbda6301ebcc8305e29a7adb

    • SHA1

      08a307e9beac8a1d92bf0f48b61e3d4cbf00bae1

    • SHA256

      64ec03c92b5fbbb63420e370ff8f879454ddd61c88f3ff41e2f5ce09eabab5f2

    • SHA512

      294156442c6bd4a3d782c07070088fcd901b26b4bceac439c5d77d21f5028548b53f5aaf9c7f75eda78e8856a92c6a2e994b4c29965a4597a69ad4b29e18a745

    Score
    10/10
    formbookmodiloaderpersistenceratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • Formbook Payload

      rat

    • Adds policy Run key to start application

      persistence

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

2
T1060

Privilege Escalation

Defense Evasion

Modify Registry

4
T1112

Install Root Certificate

1
T1130

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks