Overview

overview

10

Static

static

IMAGE 005667.exe

windows7_x64

10

IMAGE 005667.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    IMAGE 005667.exe

  • Size

    774KB

  • Sample

    210510-slw64tka9j

  • MD5

    e001b88c46b3e8da9380d8e0f5ee879e

  • SHA1

    450d538f9d57f78075dd5fbf889841d4a0822172

  • SHA256

    d91c6941790f363546482c6dd71f70a1c54cf1e9f4666f4aaca5931d3395593b

  • SHA512

    d574afe8394696528b08c037615cf41a138207e8c653072dd85b31ac47f76dcb56ef692b6a8dd607357b2a6b467d3c5ae2bc65ac54c8cd9d65a3c2b795fdd0ce

Score
10/10
formbookratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.glittergalsboutique.com/8buc/

Decoy

affiliatetraining101.com

sun5new.com

localstuffunlimited.store

getmrn.com

nipandtucknurse.com

companycreater.com

painfullyperfect.com

3dmobilemammo.com

theredbeegroup.net

loochaan.com

alanoliveiramkt.com

lxwzsh.com

twobookramblers.com

cscardinalmalula.net

hanarzr.com

sabaicp.com

foodprocessmedia.com

tirongroup.com

dcentralizedcloud.com

xn--80abnkzb2a.xn--p1acf

Targets

    • Target

      IMAGE 005667.exe

    • Size

      774KB

    • MD5

      e001b88c46b3e8da9380d8e0f5ee879e

    • SHA1

      450d538f9d57f78075dd5fbf889841d4a0822172

    • SHA256

      d91c6941790f363546482c6dd71f70a1c54cf1e9f4666f4aaca5931d3395593b

    • SHA512

      d574afe8394696528b08c037615cf41a138207e8c653072dd85b31ac47f76dcb56ef692b6a8dd607357b2a6b467d3c5ae2bc65ac54c8cd9d65a3c2b795fdd0ce

    Score
    10/10
    formbookratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook Payload

      rat

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks