Overview

overview

10

Static

static

9ea8f0cefa...d6.exe

windows7_x64

10

9ea8f0cefa...d6.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9ea8f0cefae38838925df14a6f2a29d6

  • Size

    917KB

  • Sample

    210715-2p7bb9y71x

  • MD5

    9ea8f0cefae38838925df14a6f2a29d6

  • SHA1

    39e17f53087911a9d716f7e1d4c93789995de4de

  • SHA256

    7d46e9015525b4cc3c23cd864847208ec36bad8ddfadb56b672d8c0acbfeae6a

  • SHA512

    e5fb01e53387ae415ff66b091ef6687ae0319d0abb117028c4123e2187488a8252ebeafbc96f5ff135498b10fa622399a4f37bda963cd884a3e517ffe32b7815

Score
10/10
formbookagilenetratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.survivai.com/bsdd/

Decoy

533dh.com

galerisikayet.xyz

tipsyalligator.com

crystalwellnessstudio.com

moovaap.com

lelfie.network

speedy-trips.com

prospectsolucoes.com

24x7customersservice.com

szbinsen.com

shikhardeals.com

totaldenta.com

ayksjx.com

avxrja.online

24kyule888.com

ufaw.net

spinozone.com

castvoicesmsreg.com

lajollawoodworks.com

renetyson.com

Targets

    • Target

      9ea8f0cefae38838925df14a6f2a29d6

    • Size

      917KB

    • MD5

      9ea8f0cefae38838925df14a6f2a29d6

    • SHA1

      39e17f53087911a9d716f7e1d4c93789995de4de

    • SHA256

      7d46e9015525b4cc3c23cd864847208ec36bad8ddfadb56b672d8c0acbfeae6a

    • SHA512

      e5fb01e53387ae415ff66b091ef6687ae0319d0abb117028c4123e2187488a8252ebeafbc96f5ff135498b10fa622399a4f37bda963cd884a3e517ffe32b7815

    Score
    10/10
    formbookagilenetratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook Payload

      rat

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

      agilenet

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

1
T1130

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks