Overview

overview

10

Static

static

fe46779833...99.exe

windows7_x64

10

fe46779833...99.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fe467798339147792366428612398f3cf4a6673900a87a8e3e924656ecbba699

  • Size

    636KB

  • Sample

    220201-cwdkyafcfr

  • MD5

    3350a71f73f0ac67f88113ede092ffac

  • SHA1

    f77c57526bb4413c885feb79beb64d63b8af35ca

  • SHA256

    fe467798339147792366428612398f3cf4a6673900a87a8e3e924656ecbba699

  • SHA512

    1d7b6fcd0f8714bc40811da034118207a72d192bee38101cb8677ca2a43b975c4ba41c26883dad55c6f6e11bd0a7d185890c107e7ead55192813873b885bb538

Score
10/10
formbookdoypersistenceratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

3.8

Campaign

doy

Decoy

greenunitedconsulting.net

yh443333.com

ffixenmta.info

npen.ltd

webeatanycar.net

advromeda.com

opallus.com

clch262.com

songbook.ltd

chicken.deals

gvhfzj.com

hbwinter.com

bluegourmetusa.info

bangla-khobor.com

oltzmann.com

fukuoka-muslim-lifestyle.info

ss4tube.com

guigetance.com

forummajadas.info

gmckohalpur.com

Targets

    • Target

      fe467798339147792366428612398f3cf4a6673900a87a8e3e924656ecbba699

    • Size

      636KB

    • MD5

      3350a71f73f0ac67f88113ede092ffac

    • SHA1

      f77c57526bb4413c885feb79beb64d63b8af35ca

    • SHA256

      fe467798339147792366428612398f3cf4a6673900a87a8e3e924656ecbba699

    • SHA512

      1d7b6fcd0f8714bc40811da034118207a72d192bee38101cb8677ca2a43b975c4ba41c26883dad55c6f6e11bd0a7d185890c107e7ead55192813873b885bb538

    Score
    10/10
    formbookdoyratspywarestealertrojanpersistence

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook Payload

      rat

    • Sets service image path in registry

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks