Overview

overview

10

Static

static

PAN OCEAN ...df.exe

windows7_x64

10

PAN OCEAN ...df.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    PAN OCEAN CO LTD-pdf.exe

  • Size

    505KB

  • Sample

    220131-kjrk2aghan

  • MD5

    bbe4df3ac05fc6d8da76097b48671892

  • SHA1

    dac9a8db9bc9cb91c0977b4477e62ffa77f3969d

  • SHA256

    bcba0056c80d1a5c320dd74fea9caba51cc2f41c4d05215df1ab825a5ca10de4

  • SHA512

    fd090c93491f62cca7ee47abf92dba5425f9933e6291fbd4b63cbf725671f524f0b3f4c2ad7e0863591bd91eee903168220838d0027ffba3ee0b39ec32c1f648

Score
10/10
formbookm17yratspywarestealersuricatatrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

m17y

Decoy

dental-implants-us-prices.site

eolegends.online

drskinstudio.com

miamivideomapping.com

cqytwater.com

fesfe.net

dlautostore.com

wwwpledge.com

trynutiliti.com

551milesoak.com

jemmetalfab.com

teamtrinitysellsncarolina.com

injurypersonallawyer.com

r3qcf2.xyz

djellaba-boutique.com

t6fwagd.xyz

lm-upto100.com

shyashijz.com

classicbasilicata.com

exactias.com

Targets

    • Target

      PAN OCEAN CO LTD-pdf.exe

    • Size

      505KB

    • MD5

      bbe4df3ac05fc6d8da76097b48671892

    • SHA1

      dac9a8db9bc9cb91c0977b4477e62ffa77f3969d

    • SHA256

      bcba0056c80d1a5c320dd74fea9caba51cc2f41c4d05215df1ab825a5ca10de4

    • SHA512

      fd090c93491f62cca7ee47abf92dba5425f9933e6291fbd4b63cbf725671f524f0b3f4c2ad7e0863591bd91eee903168220838d0027ffba3ee0b39ec32c1f648

    Score
    10/10
    formbookm17yratspywarestealersuricatatrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata

    • Formbook Payload

      rat

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Command-Line Interface

1
T1059

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks