Overview

overview

10

Static

static

PO LS632911DX.exe

windows7_x64

10

PO LS632911DX.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    PO LS632911DX.exe

  • Size

    823KB

  • Sample

    210726-8r5m975kpx

  • MD5

    27816f5bbff9bb6d4cc2e1be225a435b

  • SHA1

    fd1f06a502d374711697015cc897fdb28e402e16

  • SHA256

    c2a7767b9323fd3630a56a3fb09a7884bd7dfb0f7146d5caafff472205e1ebdc

  • SHA512

    4bee32d2df168aeba05ceb9e511f84d4a7aa5d08c96047cf6ca0f3241e6d4fb8e4cf5e1cee3e6389e9ceaca400769032bd85b5f323975fdbed4963a3e5a7a217

Score
10/10
formbookagilenetratspywarestealersuricatatrojan

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.survivai.com/bsdd/

Decoy

533dh.com

galerisikayet.xyz

tipsyalligator.com

crystalwellnessstudio.com

moovaap.com

lelfie.network

speedy-trips.com

prospectsolucoes.com

24x7customersservice.com

szbinsen.com

shikhardeals.com

totaldenta.com

ayksjx.com

avxrja.online

24kyule888.com

ufaw.net

spinozone.com

castvoicesmsreg.com

lajollawoodworks.com

renetyson.com

Targets

    • Target

      PO LS632911DX.exe

    • Size

      823KB

    • MD5

      27816f5bbff9bb6d4cc2e1be225a435b

    • SHA1

      fd1f06a502d374711697015cc897fdb28e402e16

    • SHA256

      c2a7767b9323fd3630a56a3fb09a7884bd7dfb0f7146d5caafff472205e1ebdc

    • SHA512

      4bee32d2df168aeba05ceb9e511f84d4a7aa5d08c96047cf6ca0f3241e6d4fb8e4cf5e1cee3e6389e9ceaca400769032bd85b5f323975fdbed4963a3e5a7a217

    Score
    10/10
    formbookagilenetratspywarestealersuricatatrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata

    • Formbook Payload

      rat

    • Deletes itself

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

      agilenet

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

1
T1130

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks