Overview

overview

10

Static

static

PO 0131.exe

windows7_x64

10

PO 0131.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    PO 0131.exe

  • Size

    601KB

  • Sample

    220131-m1n8cahacn

  • MD5

    eb437cbf64c34aebc51d6fd32ceec985

  • SHA1

    2a1d8901240f6079da9c6978aabb658d55114d12

  • SHA256

    3d4e25f876b2007b8b03a1d79109a52fcb5602644fb4554eb065f97853daa5de

  • SHA512

    af5a6a5c4479ac2a5dc6988d8a283ff022914347159440bb8f292fa426253cb6eefe67809701eb4996de4f92a85e933003796669523cd99500f5337e547d9d38

Score
10/10
formbookje16persistenceratspywarestealersuricatatrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

je16

Decoy

antonavt.com

sdfvlog.xyz

xn--arbetslivsaktren-ywb.com

propelcolor.com

uniqueclsssiccars.com

colorbells.com

synjive.com

cloudymellows.com

walltage.com

qterps.com

kezorup.online

soakedindelight.online

thefirstgroupscam.biz

miclanka.com

mwm-security.com

trinksaifenradiodocumentary.com

spineklinik.com

javacodecafe.com

groovyrelease-toknowtoday.info

ventadesillasymesas.com

Targets

    • Target

      PO 0131.exe

    • Size

      601KB

    • MD5

      eb437cbf64c34aebc51d6fd32ceec985

    • SHA1

      2a1d8901240f6079da9c6978aabb658d55114d12

    • SHA256

      3d4e25f876b2007b8b03a1d79109a52fcb5602644fb4554eb065f97853daa5de

    • SHA512

      af5a6a5c4479ac2a5dc6988d8a283ff022914347159440bb8f292fa426253cb6eefe67809701eb4996de4f92a85e933003796669523cd99500f5337e547d9d38

    Score
    10/10
    formbookje16ratspywarestealersuricatatrojanpersistence

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata

    • Formbook Payload

      rat

    • Sets service image path in registry

      persistence

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1
T1059

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks