Overview

overview

10

Static

static

1

ijeonyi.com.exe

windows7_x64

10

ijeonyi.com.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ijeonyi.com

  • Size

    2.7MB

  • Sample

    210419-cklfhp3pj6

  • MD5

    a4c6ea4179cc3e52033866c2e100aa83

  • SHA1

    3d282d189f9b1920de79e4dd0aa36cc280f6b53e

  • SHA256

    1baad45cc119fef01aa0a48c0ea82a6dc10c3365d44984d50f94f25866063474

  • SHA512

    0519e921e35d85872f0e8b73a60efb108ab17c81bc1cdfcdc75e9df225ddf8fb6c8d262f63e0ff1f0efb76990808f102214db6f6239d38fd866a1c64130787f3

Score
10/10
formbookpersistenceratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.hollandhousedesigns.design/vns/

Decoy

sparkspressworld.com

everydayresidency.com

thebosscollectionn.com

milkweedmagic.com

worklesshours.com

romeosfurnituremadera.com

unclepetesproduce.com

athleticamackay.com

9nhl.com

powellassetmanagement.com

jxlamp.com

onpointpetproducts.com

buymysoft.com

nazertrader.com

goprj.com

keeptalkservice.com

aolei1688.com

donstackl.com

almasorchids.com

pj5bwn.com

Targets

    • Target

      ijeonyi.com

    • Size

      2.7MB

    • MD5

      a4c6ea4179cc3e52033866c2e100aa83

    • SHA1

      3d282d189f9b1920de79e4dd0aa36cc280f6b53e

    • SHA256

      1baad45cc119fef01aa0a48c0ea82a6dc10c3365d44984d50f94f25866063474

    • SHA512

      0519e921e35d85872f0e8b73a60efb108ab17c81bc1cdfcdc75e9df225ddf8fb6c8d262f63e0ff1f0efb76990808f102214db6f6239d38fd866a1c64130787f3

    Score
    10/10
    formbookpersistenceratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook Payload

      rat

    • Adds policy Run key to start application

      persistence

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

2
T1060

Privilege Escalation

Defense Evasion

Modify Registry

3
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks