Overview

overview

10

Static

static

1

SecuriteIn...03.exe

windows7_x64

10

SecuriteIn...03.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SecuriteInfo.com.Gen.Variant.Androm.29.10561.9603

  • Size

    277KB

  • Sample

    210510-n5cvyzb682

  • MD5

    1eee31b469afc0350b13b3f5749e7df9

  • SHA1

    2469eefb13b89912c0f557390f9c5d56999bd9aa

  • SHA256

    78b11874a66b80ec78962b27c352a643d1a11c7f5cf9273f0db06df3f4f7e76c

  • SHA512

    55a5bf6f3467dc31ef6aa3e5a60034959d850387c52238c86bb34da0964996e4b9a7d8b1587da9a441b812d8cf5ccd216f0f5da462dbe8ab05583c8d04bacfce

Score
10/10
formbookratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.knighttechinca.com/dxe/

Decoy

sardarfarm.com

959tremont.com

privat-livecam.net

ansel-homebakery.com

joysupermarket.com

peninsulamatchmakers.net

northsytyle.com

radioconexaoubermusic.com

relocatingrealtor.com

desyrnan.com

onlinehoortoestel.online

enpointe.online

rvvikings.com

paulpoirier.com

shitarpa.net

kerneis.net

rokitreach.com

essentiallygaia.com

prestiged.net

fuerzaagavera.com

Targets

    • Target

      SecuriteInfo.com.Gen.Variant.Androm.29.10561.9603

    • Size

      277KB

    • MD5

      1eee31b469afc0350b13b3f5749e7df9

    • SHA1

      2469eefb13b89912c0f557390f9c5d56999bd9aa

    • SHA256

      78b11874a66b80ec78962b27c352a643d1a11c7f5cf9273f0db06df3f4f7e76c

    • SHA512

      55a5bf6f3467dc31ef6aa3e5a60034959d850387c52238c86bb34da0964996e4b9a7d8b1587da9a441b812d8cf5ccd216f0f5da462dbe8ab05583c8d04bacfce

    Score
    10/10
    formbookratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook Payload

      rat

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks