Overview

overview

10

Static

static

SecuriteIn...18.exe

windows7_x64

10

SecuriteIn...18.exe

windows10_x64

10

Analysis

  • max time kernel
    35s
  • max time network
    119s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    22-01-2021 10:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SecuriteInfo.com.generic.ml.29418.exe

  • Size

    999KB

  • MD5

    03bfef72c4d962a223cd051d1fe5bbe6

  • SHA1

    bb7097101b26eadb4af50f6e2bb21c2cad610217

  • SHA256

    f59df25daa1bbe11f38724ad0b36eebc535f1f36ae3796ce5bebe1049cbb57ed

  • SHA512

    23b1a4542eb8f530e6984f51e340699c0bda6e03e2c192ef46f61a04358c261ca1f902f5e1c2e36a081fa286f92c4061768e130f38fdca95f3865d9c8cf06874

Score
10/10
formbookratspywarestealertrojan

Malware Config

Extracted

Family

formbook

C2

http://www.huynhanhdung.com/kna/

Decoy

lawrencefiredepartment.com

executivehomeoffices.com

solfed.world

oshawaexchange.com

webdavlexstore.com

youpieb.com

chiller-master.com

bearstoragetn.com

daf90x16.com

gewhacaalouine.com

simplyezi.com

cstechnologyservices.com

nosyboats.com

thecocomarie.com

vetinaryeco.club

americangoselfilm.com

gdsuhejia.com

verbunden-sein.net

the-minerva.com

loctrantv.com

Signatures

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook
  • Formbook Payload 2 IoCs
    rat
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.generic.ml.29418.exe
    "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.generic.ml.29418.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:4720
    • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.generic.ml.29418.exe
      "{path}"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:2324

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2324-12-0x0000000000400000-0x000000000042E000-memory.dmp
    Filesize

    184KB

    Download
  • memory/2324-13-0x000000000041EAB0-mapping.dmp
    Download
  • memory/2324-15-0x0000000001690000-0x00000000019B0000-memory.dmp
    Filesize

    3.1MB

    Download
  • memory/4720-2-0x0000000073FA0000-0x000000007468E000-memory.dmp
    Filesize

    6.9MB

    Download
  • memory/4720-3-0x0000000000AA0000-0x0000000000AA1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4720-5-0x0000000005900000-0x0000000005901000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4720-6-0x0000000005400000-0x0000000005401000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4720-7-0x00000000053D0000-0x00000000053D1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4720-8-0x0000000005590000-0x000000000559E000-memory.dmp
    Filesize

    56KB

    Download
  • memory/4720-9-0x0000000005580000-0x0000000005581000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4720-10-0x00000000078E0000-0x000000000797A000-memory.dmp
    Filesize

    616KB

    Download
  • memory/4720-11-0x0000000007A20000-0x0000000007A21000-memory.dmp
    Filesize

    4KB

    Download