Overview

overview

10

Static

static

1

inv300123.pdf.exe

windows7_x64

10

inv300123.pdf.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    inv300123.pdf.rar

  • Size

    236KB

  • Sample

    211013-llc14adfgl

  • MD5

    b593262d2babfb3265de37272c0048aa

  • SHA1

    50e60ed8b6d3ba661d2ce8518316ca7b737d9cbd

  • SHA256

    f69821010916c746e5e371fcd011dda072fdfc09ac964e9db9506a97cec1fe3e

  • SHA512

    8794e400c95a6d913d88c5ceae239570f19a738c4104c582f2041ec355253f79470f014925669104df92c72a067f3283659e3824108fb8fc31780fa661961561

Score
10/10
formbooks3dyratspywarestealersuricatatrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

s3dy

C2

http://www.livelifevibrantcourse.com/s3dy/

Decoy

ravlygte.info

marketnewsville.online

flooring-envy.com

flavourhouston.com

donghohanghieunam.com

globleitsolutions.com

digitalgraphicarts.com

cupidbeautybar.com

cannavybes.com

negative-dsp.com

littledali.com

meltwatersoftware.info

blackdogland.com

danasales.com

mississippiscorecard.com

mainesmoker.com

sirenxinlilzixun.com

tychehang.com

gentciu.com

weckloltd.com

Targets

    • Target

      inv300123.pdf.exe

    • Size

      249KB

    • MD5

      c1d715af9940a5e70e1ab58fecc18dba

    • SHA1

      a223f8c86b1748e3f7bccccd13c864507505e09c

    • SHA256

      3b49db8324bc576c3d9e31d4bd1c27af48f3ec36652b95991a3b4803c6a48ad8

    • SHA512

      99fef3200ab3cf200a4d23ed95edbbc7005b856b599a2b832bedf9cb16ffc62dc6f5bc6c073a95e3f473b055621e4e022801c72ff4c0ab818253fdba59cafd53

    Score
    10/10
    formbooks3dyratspywarestealersuricatatrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata

    • Formbook Payload

      rat

    • Deletes itself

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks