Overview

overview

10

Static

static

scan._bank...21.exe

windows7_x64

10

scan._bank...21.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    74506f556773236a68fc166698f0e652871cbe8b548538c16a1435f2e9ae62dc

  • Size

    438KB

  • Sample

    220131-vv5bdaagh3

  • MD5

    c7dd14b7cd5e6e09144978eeb2da8984

  • SHA1

    ed90c64edc294662bf6a4d23b7e166d9792e9d50

  • SHA256

    74506f556773236a68fc166698f0e652871cbe8b548538c16a1435f2e9ae62dc

  • SHA512

    0abdc8eb5b4b03c85f74b0bd0c675f0ac018fb21e4754271d11e9637bcb9fbff392ff0578a5ec1d2e2d6a4a72820c725a26dc6c1a899f3f654d8ab1a16898f04

Score
10/10
formbookim8rpersistenceratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

im8r

Decoy

rivoluzione2020.online

palacesaintgermain.com

creatri.com

krazzyhost.com

xxxstreaming.online

perfectoptionsfx.com

creativebay.art

hazelineshop.com

stfpk.com

flaxx.life

symphonyone.info

amlakzamanpor.com

indianhomehealthcare.net

blacktanandwhite.com

kannabofy.com

anthonycrivello.com

eduvill.net

bonnybuy.com

burneteris.info

mysarasotahomevalue.com

Targets

    • Target

      scan._bank_transfer_alhali_bank_12_09_2021.bat

    • Size

      595KB

    • MD5

      2bf76c0c064f27112084d2b519c5c5f0

    • SHA1

      1776615c937ec34b85d6333ab02d0571afffb6f6

    • SHA256

      31573322ef0e4c9d77a36ba43b66edc88da6d66a7be519d118b7c01d0986baca

    • SHA512

      b9ed3eb56cc3838c67d56c5eff065a876c0599d60a400a0eb0c722ad9ce0658379383635ed0393cce8007688e174e425196d8aa8fef80e88049588da09583cc2

    Score
    10/10
    formbookim8rratspywarestealertrojanpersistence

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook Payload

      rat

    • Sets service image path in registry

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks