Overview

overview

10

Static

static

Shipping d...DF.exe

windows7_x64

10

Shipping d...DF.exe

windows10_x64

10

Resubmissions

27-07-2021 19:58

210727-zryy5tgqke 10

26-04-2021 12:43

210426-a8lwg89rb6 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Shipping documents PDF.exe

  • Size

    831KB

  • Sample

    210727-zryy5tgqke

  • MD5

    81b0bdef857aa70ba8bfe0cb6d02f727

  • SHA1

    328ce667e6d7fff59c3f27c0fcda338159c37c6f

  • SHA256

    ecc540938addc1a440ef6ceb7714a0b45153c04c28df4395e3de18181439341a

  • SHA512

    2b9c6596589265ed4a849d14e10cebff7fdac9a9a0bf7b4a6e33b41b38151a6f63aeb78b4c69e74b6a90be07c470bb86d8da2db988e2863f778780e4c07e238b

Score
10/10
formbookratspywarestealersuricatatrojan

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://w����5 �@q[*��S=���m

Targets

    • Target

      Shipping documents PDF.exe

    • Size

      831KB

    • MD5

      81b0bdef857aa70ba8bfe0cb6d02f727

    • SHA1

      328ce667e6d7fff59c3f27c0fcda338159c37c6f

    • SHA256

      ecc540938addc1a440ef6ceb7714a0b45153c04c28df4395e3de18181439341a

    • SHA512

      2b9c6596589265ed4a849d14e10cebff7fdac9a9a0bf7b4a6e33b41b38151a6f63aeb78b4c69e74b6a90be07c470bb86d8da2db988e2863f778780e4c07e238b

    Score
    10/10
    formbookratspywarestealertrojansuricata

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata

    • Formbook Payload

      rat

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks