Overview

overview

10

Static

static

Quotation.exe

windows7_x64

10

Quotation.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Quotation.exe

  • Size

    792KB

  • Sample

    220125-rmtywshbh6

  • MD5

    4896d39c691c80da22e0820c28ce8afd

  • SHA1

    05cb9fcefddf18ce6f66cb6c7454ea64d98eff1c

  • SHA256

    27b119bcaa4cbf8aa1724911fcf3e21917f0a4db830075cea3e5072fc525db32

  • SHA512

    4934b61592847a23023639e80bc95240e186f780fd358b63582bb39dcd39a1026137b0c5639cc61fcd8ec5919e7e422de1f8dbdf1b2b2b0d3b343ae97d3c2270

Score
10/10
formbookm25mratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

m25m

Decoy

vcinteriordesign.net

wahl.technology

howty.online

merakitaj.com

linklist.host

chengyumeta.com

thescottishtenors.com

fatima-alzaidani.com

darktealfox.com

yunyusuo.com

nftqueen.store

china-xlxh.com

bestvetcbd.com

sailjiu.com

leenings.net

proveedorampsxxi.com

survivingsilver.com

pyramidsupports.com

ftacjh0bx.online

tinthuongvang2021.com

Targets

    • Target

      Quotation.exe

    • Size

      792KB

    • MD5

      4896d39c691c80da22e0820c28ce8afd

    • SHA1

      05cb9fcefddf18ce6f66cb6c7454ea64d98eff1c

    • SHA256

      27b119bcaa4cbf8aa1724911fcf3e21917f0a4db830075cea3e5072fc525db32

    • SHA512

      4934b61592847a23023639e80bc95240e186f780fd358b63582bb39dcd39a1026137b0c5639cc61fcd8ec5919e7e422de1f8dbdf1b2b2b0d3b343ae97d3c2270

    Score
    10/10
    formbookm25mratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook Payload

      rat

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks