Overview

overview

10

Static

static

SCAN_20210...69.exe

windows7_x64

10

SCAN_20210...69.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SCAN_20210115140930669.exe

  • Size

    892KB

  • Sample

    210115-4qtepz7sgx

  • MD5

    c0aa1598d486cceab2fdea9a6c41ac0e

  • SHA1

    21263c3f531b81d949bf15c486bc3aeb16b9bb00

  • SHA256

    7aa65f77c48841f9f1545c2e5bb7cb186cd259631c4c449400206f1bb3d16d5e

  • SHA512

    2bba64e13254b3b5dfe98fac0681335a23a801065ffc1a69a80e63d8144067f98edb8c0b252ab8953ac78798dc4b23e4bff188d9ad3508997f6dfa4b7e987c65

Score
10/10
formbookratspywarestealertrojan

Malware Config

Extracted

Family

formbook

C2

http://www.midnightblueinc.com/2kf/

Decoy

edmondscakes.com

doublewldr.online

tickets2usa.com

heyhxry.com

weightloss-gulfport.com

prosselius.com

newviewroofers.com

jacksonarearealestate.com

catparkas.xyz

pagos2020.com

sonwsefjrahi.online

franchisethings.com

nuocvietngaynay.com

sohelvai.com

mikeyroush.com

lamesaroofing.com

betbigo138.com

amazon-service-recovery.com

clockin.net

riostrader.com

Targets

    • Target

      SCAN_20210115140930669.exe

    • Size

      892KB

    • MD5

      c0aa1598d486cceab2fdea9a6c41ac0e

    • SHA1

      21263c3f531b81d949bf15c486bc3aeb16b9bb00

    • SHA256

      7aa65f77c48841f9f1545c2e5bb7cb186cd259631c4c449400206f1bb3d16d5e

    • SHA512

      2bba64e13254b3b5dfe98fac0681335a23a801065ffc1a69a80e63d8144067f98edb8c0b252ab8953ac78798dc4b23e4bff188d9ad3508997f6dfa4b7e987c65

    Score
    10/10
    formbookratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook Payload

      rat

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks