General

  • Target

    SecuriteInfo.com.Gen.Variant.Androm.29.9877.8691

  • Size

    252KB

  • Sample

    210507-mejwp18y7x

  • MD5

    e329a2ae51067a9ae8a508fb7dd34ca8

  • SHA1

    e2371038a5cac558e52297cb808ead02c2150c36

  • SHA256

    9de1892b227f07e8896b3dfa4d1f8b450bf2af962b1ec34f3075acc7a4187259

  • SHA512

    e76add738078a81d9465e0e9f40638dc385b9909428d684d5048ae3c6549de040012d8a2310f05e10e94cef4528d3e08490a96774dbb848003ef31f70886febc

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.111bjs.com/ccr/

Decoy

Targets

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook Payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry, T1012 (3)

  • Peripheral Device Discovery, T1120 (2)

  • System Information Discovery, T1082 (4)

Tasks