formbook | ef5668ef9d4d57dde144de48458f5b007c8045798aebbeec51274ff0287655d3

General

Target

ef5668ef9d4d57dde144de48458f5b007c8045798aebbeec51274ff0287655d3
Size

168KB
Sample

220201-c646msgad3
MD5

7fb0b7e3dd50bbe49d8b71a275b01a23
SHA1

da3b80acb0ce3f1b44aebb1b495ac3625ccf64a3
SHA256

ef5668ef9d4d57dde144de48458f5b007c8045798aebbeec51274ff0287655d3
SHA512

b53bdd8aaaafbd0c8a0e6c156f5d80fdce2bb345360ad7a916206d7258169a8e68e9ffa2b105887cd86383732fff1d30cf282766f16e64c4855ad816a4155bfd

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

3.9

Campaign

5ti

Decoy

ozdealpal.com

oneshottet.com

likeyuanziwen.com

navarrogestioweb.com

wegorace.com

collage.coffee

guanghuiyuyan.com

kysmokeshop.com

livelovesierradeloro.com

populationcanter.com

unitedstatescpa.com

archeurifrancescomarconi.com

dakdekker-utrecht.com

theedgetime.com

icecreamedu.com

bethemen.com

setyourselfuptowin.com

jiekuchewu.com

campfirepunkrock.com

saudiarabiawomen.info

Targets

- Target
  
  ef5668ef9d4d57dde144de48458f5b007c8045798aebbeec51274ff0287655d3
- Size
  
  168KB
- MD5
  
  7fb0b7e3dd50bbe49d8b71a275b01a23
- SHA1
  
  da3b80acb0ce3f1b44aebb1b495ac3625ccf64a3
- SHA256
  
  ef5668ef9d4d57dde144de48458f5b007c8045798aebbeec51274ff0287655d3
- SHA512
  
  b53bdd8aaaafbd0c8a0e6c156f5d80fdce2bb345360ad7a916206d7258169a8e68e9ffa2b105887cd86383732fff1d30cf282766f16e64c4855ad816a4155bfd
Score

8^/10

persistence
- Sets service image path in registry
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Sets service image path in registry

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2