Overview

overview

10

Static

static

RFQ-GIFI.exe

windows7_x64

10

RFQ-GIFI.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bc3b7f1af580c86302a0e14d9d4c78465d367d541a40b412b77b295192c63580

  • Size

    238KB

  • Sample

    220520-qvctxahadq

  • MD5

    b79f17c71761cda547aa9f9714b939b3

  • SHA1

    7f7e9cf879c4be6470ded658cfe231d884e01c26

  • SHA256

    bc3b7f1af580c86302a0e14d9d4c78465d367d541a40b412b77b295192c63580

  • SHA512

    55210d4231183b0d8c6b1602a76d5c1e925daa4b7aabbc099735cb0a80672643f6e994c04971df72fe69db79747cb92b8f7d0e6fee346b44ca11f2cddae2369b

Score
10/10
formbookq5epersistenceratspywarestealersuricatatrojan

Malware Config

Extracted

Family

formbook

Version

4.0

Campaign

q5e

Decoy

cryptoxc.world

lotto18coin.net

jinfuzeneiyo.com

ekljfd.info

fundme360.com

catfishingtrickssubscribers.com

account-applerestore-help.com

macys-giveaway.site

vtwomenswellness.net

naxagoras.com

beatumcosmetic.com

pitchperfect3full.com

entertheartoffrenchliving.com

maithecat.com

skooey.com

genenv.com

projectxstream.com

liladasgupta.com

whitecloverwedding.net

zchinahu.com

Targets

    • Target

      RFQ-GIFI.exe

    • Size

      325KB

    • MD5

      ac10041c949e8d23e31e92ea5878808e

    • SHA1

      d1d5d26b9f599b03a1e1982f2c57114752d70f2a

    • SHA256

      7050254375f80a115a4a4a497bd423bcedd3b5bf2dcd8aceca58376cbc6b23a2

    • SHA512

      e2b913681dad28f4bd844145a5fd070587308d7bd37e076e2698d15a34f3ecf98a0aac36177e3dbd2cde5ed0b4d71a310e64422d963c00da07180cfb34654dbd

    Score
    10/10
    formbookq5epersistenceratspywarestealersuricatatrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata

    • Formbook Payload

      rat

    • Adds policy Run key to start application

      persistence

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks