Overview

overview

10

Static

static

RFQ-2176 N...AY.exe

windows7_x64

10

RFQ-2176 N...AY.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    069f4f64_by_Libranalysis

  • Size

    609KB

  • Sample

    210507-qm87apkb36

  • MD5

    069f4f64184f2de8ea2b59c8599e723a

  • SHA1

    907048c49433bce35dc436aa534125b93987b1e1

  • SHA256

    199e6cb2e7f907f2f9ff30a25edb130dd330a44fdd6873c83abd4731e2d5f262

  • SHA512

    f0e21335f833ed12e60effa9bfcd06c6733a22cfb634461a86aa08cbfd743ccebe970a16ab133ca33c9e107541c557b819e16c9bb8a6bd99012cc7ff5cd454bc

Score
10/10
formbookratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.royalelectricvehicle.com/m8uk/

Decoy

blackcountryteshirts.com

pioneergeoscience.com

calacciwedding.com

theelegantdoorbow.com

graciosera.com

kwikversity.com

izita.xyz

drivewiththebest.co.uk

kakback.xyz

sachascott.net

lifeenterprisesystems.com

interimgirl.com

myviralplatform.com

spainmatrimony.com

supergenx.com

leglehla.icu

otlhswdok.icu

1stfdsqnre.com

xxxcentral.net

movimentare.com

Targets

    • Target

      RFQ-2176 NEW PROJECT QUOTATION MAY.exe

    • Size

      664KB

    • MD5

      e635ebf84417ed9ed97d4516de0cdaba

    • SHA1

      33716297dd627e23010332c9fefd443447aeb47b

    • SHA256

      cb0386454b283917d742dc6833ef4d7f5aaeeb5cd92acf9d54bb495752cdcda6

    • SHA512

      e8ceacf9fcb559776237ba2de9518ee557ba8a073820403d59fa1f592c5047d349897003b304f3ee53c075413d7eebbd3a5c962dcf1b3d71f14c642fd4f8c5da

    Score
    10/10
    formbookratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook Payload

      rat

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks