Overview

overview

10

Static

static

1

Order_CF00128.exe

windows7_x64

10

Order_CF00128.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Order_CF00128.exe

  • Size

    249KB

  • Sample

    220131-spl7haheem

  • MD5

    3354c90e93804da5b59c5e037bde0e0e

  • SHA1

    ed6b364621233b681788f4598ff17268d15c2729

  • SHA256

    46eb08598db36bbd56aa97a864deb6e81b1a4f335cab69c02a163c7621f1d7e4

  • SHA512

    fb72d0af999edc22712e517fa850f7ef22494734835ae1873abff5610ae890518479232c1cd41365b5fc8f04613b0570d45362e9c1c479e9a1565c38555c5b4f

Score
10/10
formbookos16persistenceratspywarestealersuricatatrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

os16

Decoy

nautic-experts-hageboelling.com

fullharvestfundraising.com

xbdsm.club

duocaterers.com

prizebuddy.club

nillprive.com

firebreathingpenguin.com

buxledger.com

annual-journals.com

mydemosite0.com

noaoka.com

eblaghe-iran.xyz

globalyuncang.com

jacqueson-autocars.com

asiafinances.com

howtomakearesume.space

modernwarfaresecrets.com

dualamaquinaria.com

thrili.com

gracing-up.com

Targets

    • Target

      Order_CF00128.exe

    • Size

      249KB

    • MD5

      3354c90e93804da5b59c5e037bde0e0e

    • SHA1

      ed6b364621233b681788f4598ff17268d15c2729

    • SHA256

      46eb08598db36bbd56aa97a864deb6e81b1a4f335cab69c02a163c7621f1d7e4

    • SHA512

      fb72d0af999edc22712e517fa850f7ef22494734835ae1873abff5610ae890518479232c1cd41365b5fc8f04613b0570d45362e9c1c479e9a1565c38555c5b4f

    Score
    10/10
    formbookos16ratspywarestealersuricatatrojanpersistence

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata

    • Formbook Payload

      rat

    • Sets service image path in registry

      persistence

    • Deletes itself

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks