Overview

overview

10

Static

static

SecuriteIn...34.exe

windows7_x64

10

SecuriteIn...34.exe

windows10_x64

10

Analysis

  • max time kernel
    148s
  • max time network
    153s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    05-05-2021 05:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SecuriteInfo.com.Trojan.Win32.Save.a.1760.6134.exe

  • Size

    2.4MB

  • MD5

    6da8e0e9d3f4d31afc310050825cea27

  • SHA1

    47512cec2a0608c17b01e9fdf40776ec99743cf0

  • SHA256

    9c9dfbf8c44bbe594498ebf93efd84fcf73d66d9c6d5b86e9979afe5e9e9330c

  • SHA512

    bb45fadb068eb2e2aaec99c609ebd3256ac038a506a548085d24191d1d9a993d627c0791e190aef561344bcb1897511e90f4bac96707e5099d07ec218af8871b

Score
10/10
formbookratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.intelliedgeclinical.net/god/

Decoy

aprendiz.digital

baby-rosy.com

buzzstreetnews.com

restoredscore.com

fullbeingphysician.com

gameonaustralia.com

famdns.com

compassionatecare-llc.com

yureb.com

bike-abruzzo.com

hibiskuricity.site

hindusetu.com

searchingkitsapcountyhomes.com

trespal.com

forenvid.com

gangnamstationithacany.com

roshan-prime.com

fsmstudio.com

bilecikvinckiralama.com

cash4urhousekeys.com

Signatures

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook
  • Formbook Payload 2 IoCs
    rat
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Win32.Save.a.1760.6134.exe
    "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Win32.Save.a.1760.6134.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:804
    • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Win32.Save.a.1760.6134.exe
      "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Win32.Save.a.1760.6134.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:3048

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/804-114-0x0000000000F80000-0x0000000000F81000-memory.dmp
    Filesize

    4KB

    Download
  • memory/804-116-0x0000000005BA0000-0x0000000005BA1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/804-117-0x0000000006140000-0x0000000006141000-memory.dmp
    Filesize

    4KB

    Download
  • memory/804-118-0x0000000005C40000-0x0000000005C41000-memory.dmp
    Filesize

    4KB

    Download
  • memory/804-119-0x0000000005C40000-0x000000000613E000-memory.dmp
    Filesize

    5.0MB

    Download
  • memory/804-120-0x0000000005B60000-0x0000000005B61000-memory.dmp
    Filesize

    4KB

    Download
  • memory/804-121-0x0000000005E30000-0x0000000005E31000-memory.dmp
    Filesize

    4KB

    Download
  • memory/804-122-0x0000000005B80000-0x0000000005B8E000-memory.dmp
    Filesize

    56KB

    Download
  • memory/804-123-0x00000000067C0000-0x000000000683E000-memory.dmp
    Filesize

    504KB

    Download
  • memory/804-124-0x0000000008D30000-0x0000000008D65000-memory.dmp
    Filesize

    212KB

    Download
  • memory/3048-126-0x000000000041EBD0-mapping.dmp
    Download
  • memory/3048-125-0x0000000000400000-0x000000000042E000-memory.dmp
    Filesize

    184KB

    Download
  • memory/3048-128-0x0000000001CD0000-0x0000000001FF0000-memory.dmp
    Filesize

    3.1MB

    Download