Overview

overview

10

Static

static

1

llkir43123.exe

windows7_x64

10

llkir43123.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    llkir43123.exe

  • Size

    306KB

  • Sample

    211006-pvl7xabdbm

  • MD5

    75f07a08beea06b2f54754860db47a11

  • SHA1

    a2e1b6d45881ba19e977e3f096a9a08a50f1aaf2

  • SHA256

    3cc97e74a5fe7f0cea8e82512a8923a4dc1bb1afe702bb53876136b5362fbfe3

  • SHA512

    9ff7b681212da848b9900f714d88ae02a457bb943637438469c457818aa1da45de91b404d32da0170b77eb5211effb8afdb36815bd500597f5347aace529f641

Score
10/10
formbookrv9nratspywarestealersuricatatrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

rv9n

C2

http://www.cjspizza.net/rv9n/

Decoy

olivia-grace.show

zhuwww.com

keiretsu.xyz

olidnh.space

searuleansec.com

2fastrepair.com

brooklynmetalroof.com

scodol.com

novaprint.pro

the-loaner.com

nextroundscap.com

zbwlggs.com

internetautodealer.com

xn--tornrealestate-ekb.com

yunjiuhuo.com

skandinaviskakryptobanken.com

coxivarag.rest

ophthalmologylab.com

zzzzgjcdbqnn98.net

doeful.com

Targets

    • Target

      llkir43123.exe

    • Size

      306KB

    • MD5

      75f07a08beea06b2f54754860db47a11

    • SHA1

      a2e1b6d45881ba19e977e3f096a9a08a50f1aaf2

    • SHA256

      3cc97e74a5fe7f0cea8e82512a8923a4dc1bb1afe702bb53876136b5362fbfe3

    • SHA512

      9ff7b681212da848b9900f714d88ae02a457bb943637438469c457818aa1da45de91b404d32da0170b77eb5211effb8afdb36815bd500597f5347aace529f641

    Score
    10/10
    formbookrv9nratspywarestealersuricatatrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata

    • Formbook Payload

      rat

    • Deletes itself

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks