Overview

overview

10

Static

static

novi nalog...gu.exe

windows7_x64

10

novi nalog...gu.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    novi nalog je u prilogu.exe

  • Size

    831KB

  • Sample

    210419-vjn8p78y1e

  • MD5

    fe3d05f5903abce1faaf89b0afd3744e

  • SHA1

    3b4da5ba14989a18614a91a844c67a6a8d8b6f84

  • SHA256

    5281533c78892f2b571668ef9c770ce9c04ee249397040db9b5975ed47601474

  • SHA512

    164d235c4ebfb76ff010e461f4a09b99897e9df54ded6ae0364608835d59422a808f038529dfe829ee9bd13a2b73517c76cc65f1a1ac77142f79686871dcdec0

Score
10/10
formbookpersistenceratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.joomlas123.info/3nop/

Decoy

bakecakesandmore.com

shenglisuoye.com

chinapopfactory.com

ynlrhd.com

liqourforyou.com

leonqamil.com

meccafon.com

online-marketing-strategie.biz

rbfxi.com

frseyb.info

leyu91.com

hotsmail.today

beepot.tech

dunaemmetmobility.com

sixpenceworkshop.com

incrediblefavorcoaching.com

pofo.info

yanshudaili.com

yellowbrickwedding.com

paintpartyblueprint.com

Targets

    • Target

      novi nalog je u prilogu.exe

    • Size

      831KB

    • MD5

      fe3d05f5903abce1faaf89b0afd3744e

    • SHA1

      3b4da5ba14989a18614a91a844c67a6a8d8b6f84

    • SHA256

      5281533c78892f2b571668ef9c770ce9c04ee249397040db9b5975ed47601474

    • SHA512

      164d235c4ebfb76ff010e461f4a09b99897e9df54ded6ae0364608835d59422a808f038529dfe829ee9bd13a2b73517c76cc65f1a1ac77142f79686871dcdec0

    Score
    10/10
    formbookpersistenceratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook Payload

      rat

    • Adds policy Run key to start application

      persistence

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

2
T1060

Privilege Escalation

Defense Evasion

Modify Registry

3
T1112

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks