Overview

overview

10

Static

static

Se adjunta...ta.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Se adjunta estado de cuenta.exe

  • Size

    774KB

  • Sample

    211014-ldwhgagfhm

  • MD5

    4a951f6b124474b354ad38403074d5bd

  • SHA1

    b633ade3ba620fcc4ae0a96adc0e30c502cf3017

  • SHA256

    5d94a08cddf84ab11cc26e7e8531a04bab46f9ddf44c1ccd7e38a269ffdfaad0

  • SHA512

    3b1c03ee01a32e186e4a9a84f90f6713c90c7cc04e974d28956155ba754d5cc19e5544b9815b069a5284dd1d05eecd36b4e137945619281041b43c5f26a53d73

Score
10/10
formbookbc3spersistenceratspywarestealersuricatatrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

bc3s

C2

http://www.topei-products.com/bc3s/

Decoy

anna-ng.com

mariangelamata.com

szqnbl.com

nesherguitars.com

mysekrit.com

againbeautyviensui.xyz

appf.life

bilalsolution.com

technoratii.com

11restoran.com

birthingly.com

crystalcarrillo.com

cohenasset.info

bunchofdesign.com

highstreetmag.com

talentkerning.com

outdoor-glassesadvice.com

aliceeety.com

habbuhot.info

pao91.com

Targets

    • Target

      Se adjunta estado de cuenta.exe

    • Size

      774KB

    • MD5

      4a951f6b124474b354ad38403074d5bd

    • SHA1

      b633ade3ba620fcc4ae0a96adc0e30c502cf3017

    • SHA256

      5d94a08cddf84ab11cc26e7e8531a04bab46f9ddf44c1ccd7e38a269ffdfaad0

    • SHA512

      3b1c03ee01a32e186e4a9a84f90f6713c90c7cc04e974d28956155ba754d5cc19e5544b9815b069a5284dd1d05eecd36b4e137945619281041b43c5f26a53d73

    Score
    10/10
    formbookbc3spersistenceratspywarestealersuricatatrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata

    • Formbook Payload

      rat

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks