Overview

overview

10

Static

static

SecuriteIn...15.exe

windows7_x64

10

SecuriteIn...15.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SecuriteInfo.com.Suspicious.Win32.Save.a.22468.1615

  • Size

    892KB

  • Sample

    211016-fjj4qsbfh7

  • MD5

    4df25b1c20737e69fed5b6efa397653b

  • SHA1

    a6488e2bbdb996e960a53ac240db045f8ecaf0f2

  • SHA256

    8d0f3056715cf96af14714339ef1bc6fef37da86983bd0ba175e098eb0c2be8b

  • SHA512

    b8f5d45cd9e4d52331d48c52d84a0c43369a86a1a4ac0e7d534710887b5d59018b08a1a46db72c93d694d44e016db0508a41dac3d245c3781726e113f44bd66d

Score
10/10
formbookg8niratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

g8ni

C2

http://www.er5544.com/g8ni/

Decoy

nickmowat.com

garethjame.biz

colibrilift.com

vulnerabilitylabs.one

neuro-ai-web-ru.website

16mcnaestreetmooneeponds.com

bestofstmaarten.net

meditelier.com

ragnarduke.com

escueladecampo.com

vongtayvn.com

inmemoriamaan.com

yourpeoplemanager.com

r6-gytr.com

agreeablebeauty.com

snpconfirms.com

tribalurq.quest

purafuse.com

cisco-training-course.com

wery.top

Targets

    • Target

      SecuriteInfo.com.Suspicious.Win32.Save.a.22468.1615

    • Size

      892KB

    • MD5

      4df25b1c20737e69fed5b6efa397653b

    • SHA1

      a6488e2bbdb996e960a53ac240db045f8ecaf0f2

    • SHA256

      8d0f3056715cf96af14714339ef1bc6fef37da86983bd0ba175e098eb0c2be8b

    • SHA512

      b8f5d45cd9e4d52331d48c52d84a0c43369a86a1a4ac0e7d534710887b5d59018b08a1a46db72c93d694d44e016db0508a41dac3d245c3781726e113f44bd66d

    Score
    10/10
    formbookg8niratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook Payload

      rat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks