Overview

overview

10

Static

static

SecuriteIn...63.exe

windows7_x64

10

SecuriteIn...63.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SecuriteInfo.com.Trojan.Inject4.17696.9430.31863

  • Size

    417KB

  • Sample

    211018-jvej6sebak

  • MD5

    cdda5b2580b9392c15f9dbf31e194a48

  • SHA1

    8f74a7b387f298192730c46b837d6821d50a915b

  • SHA256

    5c4023944c61d2985cc5c50811481eb3cd64d4e3caba1e4f96d8fcc7adf7c72a

  • SHA512

    d0d2cfae7ca0da54d30dd32aa02639affb538e2b025a58a0558b258e4ae9a35b159b46259429b04d7aaa5d74d32bd35630782f777a6c2c40b2cdfcdcdaeb12c9

Score
10/10
formbookmyndratspywarestealersuricatatrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

mynd

C2

http://www.dtcu0ng.com/mynd/

Decoy

bbluedot3dwdbuy.com

aucworks.com

seekselflove.com

thebrandolphcollection.com

saint-daniel.info

covidtestcharleston.com

buniy.com

welprosol.com

focusedbusinesspartners.com

ichikawa.ltd

nieght.com

beediecandleco.com

gracobby.com

nowipe.club

meherconsultancy.com

didonghanquocxachtay.online

snovythailand.com

onetimecreditscore.net

hayosiapa.com

dumpstersforsellers.com

Targets

    • Target

      SecuriteInfo.com.Trojan.Inject4.17696.9430.31863

    • Size

      417KB

    • MD5

      cdda5b2580b9392c15f9dbf31e194a48

    • SHA1

      8f74a7b387f298192730c46b837d6821d50a915b

    • SHA256

      5c4023944c61d2985cc5c50811481eb3cd64d4e3caba1e4f96d8fcc7adf7c72a

    • SHA512

      d0d2cfae7ca0da54d30dd32aa02639affb538e2b025a58a0558b258e4ae9a35b159b46259429b04d7aaa5d74d32bd35630782f777a6c2c40b2cdfcdcdaeb12c9

    Score
    10/10
    formbookmyndratspywarestealersuricatatrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata

    • Formbook Payload

      rat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks