Overview

overview

10

Static

static

IMAGE20210...64.exe

windows7_x64

10

IMAGE20210...64.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    IMAGE20210503-29001864.exe

  • Size

    769KB

  • Sample

    210503-saadhhqf3s

  • MD5

    5446b16d04c52642a4f7fb51b577a9ac

  • SHA1

    9275563a79d55d929c427e63b88b308c02387a18

  • SHA256

    45ba6a8266131def534de0343789c5280522bf88582384487af7bcd0548b75d4

  • SHA512

    16b941a9337dbbbc49048a23be9a0aef5fb67bd4a352b4f64e46a471753e72c6d48a012feba299bbd3f4ccf7966a9095baac7402c8889089fa867b94ef5dee67

Score
10/10
formbookratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.merckcbd.com/dei5/

Decoy

studiomullerphoto.com

reallionairewear.com

dogsalondoggy-tail.com

excelmache.net

bigdiscounters.com

7986799.com

ignition.guru

xiaoxu.info

jpinpd.com

solpool.info

uchooswrewards.com

everestengineeringworks.com

qianglongzhipin.com

deepimper-325.com

appliedrate.com

radsazemehr.com

vivabematividadesfisicas.com

capacitalo.com

somecore.com

listingclass.net

Targets

    • Target

      IMAGE20210503-29001864.exe

    • Size

      769KB

    • MD5

      5446b16d04c52642a4f7fb51b577a9ac

    • SHA1

      9275563a79d55d929c427e63b88b308c02387a18

    • SHA256

      45ba6a8266131def534de0343789c5280522bf88582384487af7bcd0548b75d4

    • SHA512

      16b941a9337dbbbc49048a23be9a0aef5fb67bd4a352b4f64e46a471753e72c6d48a012feba299bbd3f4ccf7966a9095baac7402c8889089fa867b94ef5dee67

    Score
    10/10
    formbookratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook Payload

      rat

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

2
T1082

Query Registry

1
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks