Overview

overview

10

Static

static

Bank Slip.exe

windows7_x64

10

Bank Slip.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Bank Slip.7z

  • Size

    453KB

  • Sample

    211102-xvjqsahefp

  • MD5

    80e210a711a6a1c2ada9302034a0d936

  • SHA1

    2f486c1bfe41dd76b371d7f5bfa55518de77109c

  • SHA256

    7ad52e6203a53f00cd4fe729c698a8c4fb5aa3641b762217e0e32448e81ea563

  • SHA512

    56c0c389e2f3c831a6131f5086cf19ce47ccc6bedf2017b3c5bb90f4697a071cca2e48b2c33d9ff06d995eb25438f760c309149af07bd200766f510b4f4cb2f2

Score
10/10
formbookr4gkratspywarestealersuricatatrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

r4gk

C2

http://www.aprilsaak.quest/r4gk/

Decoy

quantalix.com

animalblog-eggs.com

039skz.xyz

guttas.net

lasantadayparty.com

protegerfinanceservices.com

vixtest.xyz

digitaleconomy.global

0xpax.xyz

mobilehome1688.com

themotionpartners.com

valueney.com

hattuafhv.quest

js0061gj.net

360metaverse.biz

seculardata.com

346727688.xyz

smartmapom.com

moksel.com

exoduswatchco.com

Targets

    • Target

      Bank Slip.exe

    • Size

      687KB

    • MD5

      70b451bd89a63b00a420d5104fe67853

    • SHA1

      dc119895d29fd939c45ca5f839c4f94ee81df84d

    • SHA256

      9611957db07f36a13d7e43f5c32c08c0e3c44c689e7d88c832490e3d259cfb48

    • SHA512

      db248cf9b258a34dbf449ecce4b1e473adaff398bf0955cc4b700ca3aa881ad148d90a02a70958ba01087b04cfda9625a92cbaded8afe7000709b2ecf5a5d5e2

    Score
    10/10
    formbookr4gkratspywarestealersuricatatrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata

    • Formbook Payload

      rat

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks