Overview

overview

10

Static

static

worked.exe

windows7_x64

10

worked.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    worked.exe

  • Size

    776KB

  • Sample

    210121-gy72kezlax

  • MD5

    a8417cfd71637c7371986737cff269cf

  • SHA1

    62764e915771688218d9e93d139a85f8d983e2b8

  • SHA256

    ed806d196c4c8573b7044e2a1f98f01527947c6e95e97a6e9b061ede6ec75664

  • SHA512

    35af7f1511402987a6abcb14ce1be7ccfeaee5fa11ae6c66eb9b1ac0d3dd6690e6f1be8e1163c90b8104b4845da89d7468484b730dc669340694a7a21feeb181

Score
10/10
formbookransomwareratspywarestealertrojan

Malware Config

Extracted

Family

formbook

C2

http://www.maalkhairaatwosu.com/zn7/

Decoy

xaozal.com

yanafarms.com

domennyarendi64.net

bumiflogrance.com

cre8tivspace.com

s3video.com

eshelwoodwork.com

centaurme.com

novarticle.com

jbastavi.com

hueandboldcreative.com

phraeudom.com

bright.discount

brandonandrana.com

budundergisi.xyz

wedochin.com

cryptowaveride.com

dunnwrightconst.com

hakador.net

costcostock.com

Targets

    • Target

      worked.exe

    • Size

      776KB

    • MD5

      a8417cfd71637c7371986737cff269cf

    • SHA1

      62764e915771688218d9e93d139a85f8d983e2b8

    • SHA256

      ed806d196c4c8573b7044e2a1f98f01527947c6e95e97a6e9b061ede6ec75664

    • SHA512

      35af7f1511402987a6abcb14ce1be7ccfeaee5fa11ae6c66eb9b1ac0d3dd6690e6f1be8e1163c90b8104b4845da89d7468484b730dc669340694a7a21feeb181

    Score
    10/10
    formbookransomwareratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook Payload

      rat

    • Deletes itself

    • Enumerates physical storage devices

      Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

      ransomware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks