Overview

overview

10

Static

static

1

rrwq200123.exe

windows7_x64

10

rrwq200123.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    rrwq200123.exe

  • Size

    253KB

  • Sample

    211018-phstxseebp

  • MD5

    3a5c5bb43232e4e48b63cdf123dec876

  • SHA1

    95b478c57de28b87d6bd87dd32a4faec02b0d620

  • SHA256

    e5ebc473e259ec57e2a831477b449dd07c13198c0db74ce67732a8fce59e25ac

  • SHA512

    59bd907d7faa8aab41c1cfc78d0aabf8592e8e1e8b49abc4340b807718b96d2e281270f15a5767d6df4e4acde5375ed20756c8598019ed927866dc25c70f7281

Score
10/10
formbookrv9nratspywarestealersuricatatrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

rv9n

C2

http://www.cjspizza.net/rv9n/

Decoy

olivia-grace.show

zhuwww.com

keiretsu.xyz

olidnh.space

searuleansec.com

2fastrepair.com

brooklynmetalroof.com

scodol.com

novaprint.pro

the-loaner.com

nextroundscap.com

zbwlggs.com

internetautodealer.com

xn--tornrealestate-ekb.com

yunjiuhuo.com

skandinaviskakryptobanken.com

coxivarag.rest

ophthalmologylab.com

zzzzgjcdbqnn98.net

doeful.com

Targets

    • Target

      rrwq200123.exe

    • Size

      253KB

    • MD5

      3a5c5bb43232e4e48b63cdf123dec876

    • SHA1

      95b478c57de28b87d6bd87dd32a4faec02b0d620

    • SHA256

      e5ebc473e259ec57e2a831477b449dd07c13198c0db74ce67732a8fce59e25ac

    • SHA512

      59bd907d7faa8aab41c1cfc78d0aabf8592e8e1e8b49abc4340b807718b96d2e281270f15a5767d6df4e4acde5375ed20756c8598019ed927866dc25c70f7281

    Score
    10/10
    formbookrv9nratspywarestealersuricatatrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata

    • Formbook Payload

      rat

    • Deletes itself

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks