Overview

overview

10

Static

static

dllhost.exe

windows7_x64

10

dllhost.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    dllhost.exe

  • Size

    448KB

  • Sample

    211020-mz9snahhaj

  • MD5

    c78d5e89ebecb4d88d3ab36bc47fd7ba

  • SHA1

    476733e0eb88a9dce2a65200c23ddd0d5f2b3496

  • SHA256

    9b6b00b331ea48d5477fbd0ec6e168407dcec59c758eb797c9672d2f74dba12a

  • SHA512

    a4de582e5f599ad11c60dbdb7e7ded18c004f956ec84eb379f30ebd1e83eb3fe938fab821038dcf6c1dff839b329ff85ab556fd75f54e70e332ff25415ddfddb

Score
10/10
formbookkzk9ratspywarestealersuricatatrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

kzk9

C2

http://www.yourmajordomo.com/kzk9/

Decoy

tianconghuo.club

1996-page.com

ourtownmax.net

conservativetreehose.com

synth.repair

donnachicacreperia.com

tentfull.com

weapp.download

surfersink.com

gattlebusinessservices.com

sebastian249.com

anhphuc.company

betternatureproducts.net

defroplate.com

seattlesquidsquad.com

polarjob.com

lendingadvantage.com

angelsondope.com

goportjitney.com

tiendagrupojagr.com

Targets

    • Target

      dllhost.exe

    • Size

      448KB

    • MD5

      c78d5e89ebecb4d88d3ab36bc47fd7ba

    • SHA1

      476733e0eb88a9dce2a65200c23ddd0d5f2b3496

    • SHA256

      9b6b00b331ea48d5477fbd0ec6e168407dcec59c758eb797c9672d2f74dba12a

    • SHA512

      a4de582e5f599ad11c60dbdb7e7ded18c004f956ec84eb379f30ebd1e83eb3fe938fab821038dcf6c1dff839b329ff85ab556fd75f54e70e332ff25415ddfddb

    Score
    10/10
    formbookkzk9ratspywarestealersuricatatrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata

    • Formbook Payload

      rat

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1
T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks