Overview

overview

10

Static

static

Quotation 400 KVA.exe

windows7_x64

10

Quotation 400 KVA.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Quotation 400 KVA.lzh

  • Size

    410KB

  • Sample

    210912-gw38tafbak

  • MD5

    55c2c05cd7b929c985f3ec3279db345e

  • SHA1

    18c5a25687371b5dd72b5958556991d24deccba2

  • SHA256

    3d361c0f0a2be3573ceda5ba7f6357d8394562affb645058d2c71d6acf2d7cc8

  • SHA512

    dedc7a2f30bc509d07185c435f44b1e868cc84b1444af70fd2aea73cbe1e0924d3c00b325aaebcd11a4b9c287ca632d7ebc7a6a7c37875cd6d1762990eb9a5b2

Score
10/10
formbookergsratspywarestealersuricatatrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ergs

C2

http://www.barry-associates.com/ergs/

Decoy

jardineriavilanova.com

highkeyfashionboutique.com

willingtobuyyourhouse.com

ysfno.com

bjkhjzzs.com

hexmotif.com

intentionalerror.com

nuu-foundfreedom.com

catalystspeechservices.com

blackmybail.com

xntaobaozhibo.com

site-sozdat.online

45quisisanadr.com

ipawlove.com

yifa5188.com

admm.email

houseoftealbh.com

scale-biz.com

vdvppt.club

loveandlight.life

Targets

    • Target

      Quotation 400 KVA.exe

    • Size

      477KB

    • MD5

      29bfe138eb8eb4caf72ed94f4d4fb084

    • SHA1

      fd40dab7902ba104d61e05ad04237ae297448deb

    • SHA256

      85b8983f0d67758fd02b1aa875add6fd3fe6e88f9ade27cb535c490a0c367491

    • SHA512

      e8b98f58487c5a730ec872ea8df90bd84a70fc062bf71096de1a618a8e7a4cdbb3c0287276fc74a2b6b7f4d1300ac7702133ca103a9c4acf8993b21d8888de2b

    Score
    10/10
    formbookergsratspywarestealersuricatatrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata

    • Formbook Payload

      rat

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks