General

  • Target: 54d9e41dc860087321eb979b18858f109d7d45c73da540a19d343fc17cce8ccb

  • Size: 494KB

  • Sample: 220521-atjm3aagd7

  • MD5: 7db666b1c7e2b5814d4ddb8def92a8d5

  • SHA1: a0a9c0522febf8ccb1354a37f0a42d7b4ce6fd74

  • SHA256: 54d9e41dc860087321eb979b18858f109d7d45c73da540a19d343fc17cce8ccb

  • SHA512: c46caf30acddc2149df2a48bd79ce3f86976cd2c25d7c8192a86fe27208f7610cbc0d15330aff1858573a60990623b4f15e4ae1806986e221dcda3a38bc8e33e

Malware Config

Extracted

Family: formbook

Version: 4.1

Campaign: kvsz

Decoy:


Targets

    • Target: yeni sipari?.exe

    • Size: 648KB

    • MD5: 9db7619bc23ec15cc6863948515acc4e

    • SHA1: 90e5b2e78d2bcc1f6d78ff9bfd9e1ca16b94c605

    • SHA256: c2100ac52466885fcb64010897d0c7a4178a5c00c47e13261f66976b38f26aaf

    • SHA512: 6676f9434bc4e2f2fe3e256a328554162020e156c576b63eaa7ec2f79f834ecf967610c1dace77f1931f0fd2110aafff656eabe20a76bda8b610e06cbe27cf62

    • Formbook

      Formbook is a data-stealing malware family.

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

    • Formbook Payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

Execution: Scheduled Task, T1053 (1)

Persistence: Scheduled Task, T1053 (1)

Privilege Escalation: Scheduled Task, T1053 (1)

Discovery: Query Registry, T1012 (1)

Discovery: System Information Discovery, T1082 (2)

Tasks