Overview

overview

10

Static

static

Nécessair...é.scr

windows7_x64

10

Nécessair...é.scr

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Nécessaire personnalisé.scr

  • Size

    535KB

  • Sample

    210723-7v88ck5w2x

  • MD5

    11e51d4472e3b7318f53dbf0ce0b7dc9

  • SHA1

    c71811898b9c8186b806d0ddcc5c39ee43b5c624

  • SHA256

    777099a02f34b28dc78e4f5aebe54f19ee391449b8648f611c6cf3c0352f9ee8

  • SHA512

    23db199d471475f6866ddcf4cdc79a3979f5d88b3f312e4e02ffc7ffa815580a234654d281ffcc6d890cda4c0ef72a3380c94a3326c7a6378bc2eae21f193212

Score
10/10
formbookratspywarestealersuricatatrojan

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.celinehair.com/e7hf/

Decoy

miaozhunjingzhijia.com

mindplayva.com

vbetturkey.com

panevnyk.space

philiprankinemarketing.com

rosascleaningpros.com

nadersadek.info

2of237woodlandstreet.com

thegroomingdrs.com

cloudtrending.com

viajenscomcafe.com

medkomp.online

hohlola.com

ksremy.com

watermarkwpb.com

work4villageinn.com

pollmag.com

organizingbypaty.com

awakenwithrochelle.com

walcottstreetdental.site

Targets

    • Target

      Nécessaire personnalisé.scr

    • Size

      535KB

    • MD5

      11e51d4472e3b7318f53dbf0ce0b7dc9

    • SHA1

      c71811898b9c8186b806d0ddcc5c39ee43b5c624

    • SHA256

      777099a02f34b28dc78e4f5aebe54f19ee391449b8648f611c6cf3c0352f9ee8

    • SHA512

      23db199d471475f6866ddcf4cdc79a3979f5d88b3f312e4e02ffc7ffa815580a234654d281ffcc6d890cda4c0ef72a3380c94a3326c7a6378bc2eae21f193212

    Score
    10/10
    formbookratspywarestealersuricatatrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata

    • Formbook Payload

      rat

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks