General

  • Target

    b38872afd836a86bc739092c37215174e09d8ffdd8955c750ce940675de88b08

  • Size

    1.4MB

  • Sample

    220201-tt4g1shgd2

  • MD5

    830e9471901a342b1c97e4fc1b79c1b1

  • SHA1

    0e5a59e9f7ad5624bf3129a84d4846e6183af605

  • SHA256

    b38872afd836a86bc739092c37215174e09d8ffdd8955c750ce940675de88b08

  • SHA512

    6a1d31811d7da476e1ca9865666b0db335c0fc23684b223eb9c76e4e1f1500816cb0c3ecdb43b04d76f7481515341aac14ef33c88333c6b37664f4a29a21b09f

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    us2.smtp.mailhostbox.com
  • Port:
    587
  • Username:
    admin@evapimplogs.com
  • Password:
    Everest10

Extracted

Family

formbook

Version

4.1

Campaign

ergs

Decoy

  • oceanprimesanfrancisco.com
  • dk-tnc.com
  • sodangwang.com
  • abrat-ed.com
  • dusubiqiqijem.xyz
  • getsup.online
  • homeneto.com
  • shose8.com
  • tronlane.com
  • nidowicosasod.xyz
  • independienteatleticclub.com
  • pca-winschool.com
  • realbadnastystories.site
  • bluevioletfloral.com
  • simplifiedpeacepodcast.com
  • abcfreediving.com
  • theyardbunny.com
  • holoique.com
  • ibkr1325.com
  • tjnfioou.xyz

Targets

    • Target

      CONFIRM2.EXE

    • Size

      439KB

    • MD5

      964a3b643ea6fe03ba7eafdf9b3e8120

    • SHA1

      f767f86a4c297b54cc91d67450da022816cfcc4d

    • SHA256

      34ca9a1b6fd8f866a4209606109611b0d3d095c956033fa2869a1cfc6ba760bf

    • SHA512

      ed0eaf4cc49710168d3988e5385818bb7f74ed7d9768e0d0892b40582d8cef5601d6f52514d1b671c599996e3b2c4a9a208573baa04df8d3e67b327f969d5247

    • Target

      CONFIRM_.EXE

    • Size

      417KB

    • MD5

      abb3147d8c0e9f65b3248004b8fffb91

    • SHA1

      127a10da0021ae217648b3636f38d84b8f1459f1

    • SHA256

      009e6b48b7d9b2a802d6e831138b1e55c4390861c123287e134bbc21f8a6e225

    • SHA512

      af55e007019139a2257815f50f4e1de3fbc6e1fc9195104c989dc6935bc3ec494c2a5900fb56d13fcf1c1a9043659e9c77a7af37b17aec63d9c59a88b9efed02

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook Payload

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Discovery

  • Query Registry (T1012): 1
  • System Information Discovery (T1082): 1

Tasks