formbook | f182f38dad7fd5bd04289d647f2ada402fa66667653d3173d2963da1da29da01

General

Target

f182f38dad7fd5bd04289d647f2ada402fa66667653d3173d2963da1da29da01
Size

168KB
Sample

220201-c5wswafeak
MD5

000f10f2ef88b8da8f9dbbfa4db17bfc
SHA1

066569003102c421966d731c46fd99338b17d5d2
SHA256

f182f38dad7fd5bd04289d647f2ada402fa66667653d3173d2963da1da29da01
SHA512

dbda5a3f1fc960e3fe1968f07eb4336846dff81c2d78987a9191b7ca4848484220f68c105ea655dc3f9e8bdaeacc6bba7ac84b9cf34e3ee52bdf44c0ad7ead73

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

3.9

Campaign

bul20

Decoy

beziehungswerk.net

madisonroseholtze.com

m8278.com

help-support-appleid-apple.com

moebel-kunst-galerie.com

coincoin9.com

hengshuidashijinbiaosai.com

vahomebuyerprogramsaz.com

sadathetoure.com

bluecottonhome.com

elecypress.com

wangdaijy.com

trendteasindia.com

affordabledrybasements.net

healededucation.com

tenglisy.com

the-brand-nursery.com

1024jjjr.info

sfs-gestion.com

briejanaeblue.com

Targets

- Target
  
  f182f38dad7fd5bd04289d647f2ada402fa66667653d3173d2963da1da29da01
- Size
  
  168KB
- MD5
  
  000f10f2ef88b8da8f9dbbfa4db17bfc
- SHA1
  
  066569003102c421966d731c46fd99338b17d5d2
- SHA256
  
  f182f38dad7fd5bd04289d647f2ada402fa66667653d3173d2963da1da29da01
- SHA512
  
  dbda5a3f1fc960e3fe1968f07eb4336846dff81c2d78987a9191b7ca4848484220f68c105ea655dc3f9e8bdaeacc6bba7ac84b9cf34e3ee52bdf44c0ad7ead73
Score

8^/10

persistence
- Sets service image path in registry
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Sets service image path in registry

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2