Overview

overview

10

Static

static

scrss.exe

windows7_x64

10

scrss.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    scrss.exe

  • Size

    298KB

  • Sample

    220519-cn29bshfd9

  • MD5

    6cc7f4dc6d60f6b01b7164532f4d4fe6

  • SHA1

    1dbf0fe6eb6c43494507f2cb286eac424ef87e79

  • SHA256

    42d8b7f214ab4c51c337d3abfaa9107f0e8fd78801311e205cd484e4b65fb440

  • SHA512

    1c4b1d5d3cb852eb1f985293a8ab085a416079ab6f71ad7b29866843cb27d6840678a7bdf84252f5952a4037341fd946a201704fd18ddf1aa857960dc7c234de

Score
10/10
formbookfw02ratspywarestealersuricatatrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

fw02

Decoy

payer-breakers.com

thesiscoper.com

rental-villa.com

scovikinnovations.com

hydh33.com

allmyshit.rest

lovejaclyn.com

vanessaruizwriting.com

dufonddelaclasse.com

kiddee168.com

monumentalmarketsllc.com

musclegainfatloss.com

avida.info

cosmo-wellness.net

dandelionfusedigital.com

oversizeloadbanners.com

konstelle.store

sdjnsbd.com

czoqg.xyz

5p6xljjse1lq.xyz

Targets

    • Target

      scrss.exe

    • Size

      298KB

    • MD5

      6cc7f4dc6d60f6b01b7164532f4d4fe6

    • SHA1

      1dbf0fe6eb6c43494507f2cb286eac424ef87e79

    • SHA256

      42d8b7f214ab4c51c337d3abfaa9107f0e8fd78801311e205cd484e4b65fb440

    • SHA512

      1c4b1d5d3cb852eb1f985293a8ab085a416079ab6f71ad7b29866843cb27d6840678a7bdf84252f5952a4037341fd946a201704fd18ddf1aa857960dc7c234de

    Score
    10/10
    formbookfw02ratspywarestealersuricatatrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata

    • Formbook Payload

      rat

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks