Overview

overview

10

Static

static

1

Item lists.exe

windows7_x64

10

Item lists.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Item lists.exe

  • Size

    467KB

  • Sample

    211019-cee3fagafl

  • MD5

    de5906d5741fa79fb87624e45b9d3b86

  • SHA1

    ccf8c98ff308a3e94e1ec2eec0715825acf99462

  • SHA256

    7702ee7d36c36c8cc3a67bec6ff636c9f1fe7e16a9f125303886c43f1b49407a

  • SHA512

    af3dbecbbdbbd780b7f879755da97d17ab4bca89c6b7db4e97004d7ad005518a10d9f1bf1588c5c5d8fe7b05078a5165d88f5b113920c34d6d74f2bfd47f9e0e

Score
10/10
formbookok3sratspywarestealersuricatatrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ok3s

C2

http://www.bigboytoystorage.com/ok3s/

Decoy

berrymealsonwheels.com

elegancefoodsnam.com

xn--paravocvendas-vhb.com

kite22.com

somolinosstrategies.com

allslotasia.com

zxqycxppw.com

appsvaportheeight.xyz

naturalbeautyattitude.com

compass1st.com

findlends.com

pxlstreamingstudios.com

getquicktrimketo.com

sigmakule.com

cooperfultoncpsc240.net

frgb.xyz

crowdestage.club

qranto.space

landtiger.cloud

arleuf.com

Targets

    • Target

      Item lists.exe

    • Size

      467KB

    • MD5

      de5906d5741fa79fb87624e45b9d3b86

    • SHA1

      ccf8c98ff308a3e94e1ec2eec0715825acf99462

    • SHA256

      7702ee7d36c36c8cc3a67bec6ff636c9f1fe7e16a9f125303886c43f1b49407a

    • SHA512

      af3dbecbbdbbd780b7f879755da97d17ab4bca89c6b7db4e97004d7ad005518a10d9f1bf1588c5c5d8fe7b05078a5165d88f5b113920c34d6d74f2bfd47f9e0e

    Score
    10/10
    formbookok3sratspywarestealersuricatatrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata

    • Formbook Payload

      rat

    • Deletes itself

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1
T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks