General

  • Target

    SecuriteInfo.com.Gen.Variant.Androm.29.27447.31261

  • Size

    252KB

  • Sample

    210507-2qnbt25jxa

  • MD5

    2e8b3260047d829ba61205befbaf93fd

  • SHA1

    cc2a109e5faa29d3465c5262edbe2775e8da4bf7

  • SHA256

    1171bee7f280dad2201f6be582f08bf56771c54e4e0912964d93d320f4b1f32a

  • SHA512

    7b0d8d7bf7f08a2c6aa44bbee7da16322a0361df1f3254d31b5e5aa618aa57d9bf45ac296cab05746337f45b863e9f7efc57c3c6e25999e85bd1e4102e9a9964

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.craftsman-vail.com/cca/

Decoy

whenpigsflyhigh.com

artistiklounge.com

tinytrendstique.com

projektpartner-ag.com

charvelevh.com

easycompliances.net

zengheqiye.com

professionalmallorca.com

bonzerstudio.com

nelivo.com

yangxeric.com

aredntech.com

twincitieshousingmarket.com

allshadesunscreen.com

xiang-life.net

qmcp00011.com

lindsayeandmarkv.com

fbcsbvsbvsjbvjs.com

saveonthrivelife.com

newdpo.com
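Formbook 4.x samples carry one real C2 URL plus a list of decoy domains, and the bot beacons to decoys as well as to the real controller, so every domain above is worth alerting on. The following script, added here as an example and not part of the sandbox report, turns the extracted config into indicators and runs them over a few constructed proxy log lines. The log format, the log lines and the "suspect" heuristic (an unknown host contacted with this sample's C2 path, `/cca/`) are assumptions for illustration.

```python
"""
Turn the extracted Formbook config into network indicators and match them
against proxy log lines. Added example; not part of the sandbox report.
The log format and the log lines are constructed for illustration.
"""
import re
from urllib.parse import urlparse

# Copied from the "Malware Config" section of the report.
C2_URL = "http://www.craftsman-vail.com/cca/"
DECOYS = [
    "whenpigsflyhigh.com", "artistiklounge.com", "tinytrendstique.com",
    "projektpartner-ag.com", "charvelevh.com", "easycompliances.net",
    "zengheqiye.com", "professionalmallorca.com", "bonzerstudio.com",
    "nelivo.com", "yangxeric.com", "aredntech.com",
    "twincitieshousingmarket.com", "allshadesunscreen.com", "xiang-life.net",
    "qmcp00011.com", "lindsayeandmarkv.com", "fbcsbvsbvsjbvjs.com",
    "saveonthrivelife.com", "newdpo.com",
]

# Constructed proxy log lines: "<timestamp> <client> <method> <url> <status>".
LOG_LINES = [
    "2021-05-07T12:00:01Z 10.0.0.5 GET http://www.craftsman-vail.com/cca/?gl=abc123 200",
    "2021-05-07T12:00:03Z 10.0.0.5 GET http://www.zengheqiye.com/cca/?gl=abc123 404",
    "2021-05-07T12:00:05Z 10.0.0.5 GET http://www.example.org/index.html 200",
    "2021-05-07T12:00:07Z 10.0.0.5 POST http://newdpo.com/cca/ 200",
    "2021-05-07T12:00:09Z 10.0.0.5 POST http://not-in-config.example/cca/ 200",
]

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)


def _bare(host):
    """Lower-case and strip a leading 'www.' so www.x.com and x.com compare equal."""
    host = (host or "").lower()
    return host[4:] if host.startswith("www.") else host


def build_indicators(c2_url=C2_URL, decoys=DECOYS):
    """Normalise the extracted config into a lookup structure."""
    u = urlparse(c2_url)
    return {"c2": _bare(u.hostname), "path": u.path, "decoys": {_bare(d) for d in decoys}}


def classify(line, ind):
    """Return (verdict, host, path) for one log line, or None if it does not parse.
    Verdicts: 'c2' (real controller), 'decoy' (known decoy domain, still a beacon),
    'suspect' (unknown host but the sample's C2 path; a heuristic, assumed), 'clean'."""
    m = LOG_RE.match(line)
    if not m:
        return None
    u = urlparse(m["url"])
    host, path = _bare(u.hostname), u.path
    if host == ind["c2"]:
        return ("c2", host, path)
    if host in ind["decoys"]:
        return ("decoy", host, path)
    if path == ind["path"]:
        return ("suspect", host, path)
    return ("clean", host, path)


def scan(lines, ind=None):
    """Return the non-clean verdicts for a list of log lines, in order."""
    ind = ind or build_indicators()
    return [r for r in (classify(l, ind) for l in lines) if r and r[0] != "clean"]


if __name__ == "__main__":
    for verdict, host, path in scan(LOG_LINES):
        print(f"{verdict:8s} {host} {path}")
```

Decoy hits are treated as beacons rather than noise because the bot contacts them with the same traffic pattern as the real C2; the path-only "suspect" tier is there to catch a host that was rotated out of this particular config.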

Targets

    • Target

      SecuriteInfo.com.Gen.Variant.Androm.29.27447.31261

    • Size

      252KB

    • MD5

      2e8b3260047d829ba61205befbaf93fd

    • SHA1

      cc2a109e5faa29d3465c5262edbe2775e8da4bf7

    • SHA256

      1171bee7f280dad2201f6be582f08bf56771c54e4e0912964d93d320f4b1f32a

    • SHA512

      7b0d8d7bf7f08a2c6aa44bbee7da16322a0361df1f3254d31b5e5aa618aa57d9bf45ac296cab05746337f45b863e9f7efc57c3c6e25999e85bd1e4102e9a9964

    • Formbook

      Formbook is an information-stealing malware family: it harvests credentials and form data from browsers and other applications, logs keystrokes and clipboard contents, and exfiltrates them to its C2.

    • Formbook Payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext
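The "Executes dropped EXE" and "Suspicious use of SetThreadContext" signatures together point at the injection step a Formbook loader typically performs: a child is created suspended, its image is overwritten with the payload, the main thread's entry point is redirected with SetThreadContext, and the thread is resumed. The following detector, added here as an example and not part of the sandbox report, looks for that ordered sequence in an API trace. The trace format is constructed (handles are replaced by the process and thread ids they refer to, and the NtMapViewOfSection handle argument is assumed to be normalised to `hProcess`); it is not the sandbox's own log format.

```python
"""
Detect the process-hollowing call pattern behind the "Suspicious use of
SetThreadContext" signature: a child created suspended, its memory overwritten,
its main thread redirected with SetThreadContext, then resumed.
Added example; not part of the sandbox report. The trace format is constructed.
"""
CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit (winbase.h)

# Constructed API trace, roughly what a user-mode hook would log. Handles are
# replaced by the process/thread ids they refer to (a simplification).
TRACE = [
    {"pid": 4012, "api": "CreateProcessW",
     "args": {"lpCommandLine": "C:\\Windows\\explorer.exe", "dwCreationFlags": 0x4},
     "ret": {"dwProcessId": 5120, "dwThreadId": 5124}},
    {"pid": 4012, "api": "WriteProcessMemory",
     "args": {"hProcess": 5120, "lpBaseAddress": 0x00400000, "nSize": 0x3D000}},
    {"pid": 4012, "api": "SetThreadContext",
     "args": {"hThread": 5124, "Eip": 0x00402D10}},
    {"pid": 4012, "api": "ResumeThread", "args": {"hThread": 5124}},
    # Benign: a normally created child, then a SetThreadContext on its thread
    # without a suspended create or a foreign memory write (debugger-like).
    {"pid": 7000, "api": "CreateProcessW",
     "args": {"lpCommandLine": "notepad.exe", "dwCreationFlags": 0x0},
     "ret": {"dwProcessId": 7100, "dwThreadId": 7104}},
    {"pid": 7000, "api": "SetThreadContext",
     "args": {"hThread": 7104, "Eip": 0x77000000}},
]

STAGES = (
    "CreateProcess(CREATE_SUSPENDED)",
    "WriteProcessMemory",
    "SetThreadContext",
    "ResumeThread",
)


def find_hollowing(trace):
    """Return one finding per suspended child whose memory was written, whose
    thread was redirected and which was then resumed, in that order.
    Each finding carries the parent pid, child pid and the stages observed."""
    candidates = {}  # child pid -> {"parent", "tid", "stages"}
    findings = []
    for ev in trace:
        api, args = ev["api"], ev["args"]
        if api.startswith("CreateProcess") and args.get("dwCreationFlags", 0) & CREATE_SUSPENDED:
            child = ev["ret"]["dwProcessId"]
            candidates[child] = {
                "parent": ev["pid"],
                "tid": ev["ret"]["dwThreadId"],
                "stages": [STAGES[0]],
            }
        elif api in ("WriteProcessMemory", "NtMapViewOfSection") and args.get("hProcess") in candidates:
            st = candidates[args["hProcess"]]
            if STAGES[1] not in st["stages"]:
                st["stages"].append(STAGES[1])
        elif api in ("SetThreadContext", "NtSetContextThread"):
            for st in candidates.values():
                if args.get("hThread") == st["tid"] and STAGES[1] in st["stages"]:
                    st["stages"].append(STAGES[2])
        elif api in ("ResumeThread", "NtResumeThread"):
            for child, st in candidates.items():
                if args.get("hThread") == st["tid"] and STAGES[2] in st["stages"]:
                    st["stages"].append(STAGES[3])
                    findings.append({"parent": st["parent"], "child": child,
                                     "stages": list(st["stages"])})
    return findings


if __name__ == "__main__":
    for f in find_hollowing(TRACE):
        print(f"pid {f['parent']} hollowed pid {f['child']}: {' -> '.join(f['stages'])}")
```

Requiring the memory write before the SetThreadContext, and the suspended create before both, is what keeps ordinary debugger or profiler use of SetThreadContext out of the findings; a detector that alerts on the API alone is the false-positive source the signature name warns about.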

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

    • Query Registry (2) T1012

    • Peripheral Device Discovery (2) T1120

    • System Information Discovery (3) T1082

Tasks