Overview

overview

10

Static

static

RFQ QH211013.exe

windows7_x64

10

RFQ QH211013.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    RFQ QH211013.7z

  • Size

    843KB

  • Sample

    211017-nsfrnsceh6

  • MD5

    d99f52678eee0b20c44c1373210c334d

  • SHA1

    3988082cbc1f158e7ec71ccfb2cb0a4d5b50384a

  • SHA256

    52ce1d5ff4ad52efd040fc98bfab3dcbe731793216227b7f1d1e6e72dd540dc5

  • SHA512

    509e5b74cee443847c9aea5f79ae3025292dc3e22e5fe914a87a25b783a148b5c73d181b92fa948cc914bd9f7dad656fd854f22692eb7c26988d743cca84d822

Score
10/10
formbookg8niratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

g8ni

C2

http://www.er5544.com/g8ni/

Decoy

nickmowat.com

garethjame.biz

colibrilift.com

vulnerabilitylabs.one

neuro-ai-web-ru.website

16mcnaestreetmooneeponds.com

bestofstmaarten.net

meditelier.com

ragnarduke.com

escueladecampo.com

vongtayvn.com

inmemoriamaan.com

yourpeoplemanager.com

r6-gytr.com

agreeablebeauty.com

snpconfirms.com

tribalurq.quest

purafuse.com

cisco-training-course.com

wery.top

Targets

    • Target

      RFQ QH211013.exe

    • Size

      892KB

    • MD5

      4df25b1c20737e69fed5b6efa397653b

    • SHA1

      a6488e2bbdb996e960a53ac240db045f8ecaf0f2

    • SHA256

      8d0f3056715cf96af14714339ef1bc6fef37da86983bd0ba175e098eb0c2be8b

    • SHA512

      b8f5d45cd9e4d52331d48c52d84a0c43369a86a1a4ac0e7d534710887b5d59018b08a1a46db72c93d694d44e016db0508a41dac3d245c3781726e113f44bd66d

    Score
    10/10
    formbookg8niratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook Payload

      rat

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks