Overview

overview

10

Static

static

PI 46788393.exe

windows7_x64

10

PI 46788393.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    241937fdff6aeae4c5a60bc707c331504d4b5c8df13b97ddd2e8da2107978f0e

  • Size

    355KB

  • Sample

    220521-dvtq7sbdcj

  • MD5

    5bda56bf95a4cc0997bdb896cc581b65

  • SHA1

    aa2adf240ec8373f129ee4c090c03bf254325b91

  • SHA256

    241937fdff6aeae4c5a60bc707c331504d4b5c8df13b97ddd2e8da2107978f0e

  • SHA512

    ddb30ab743f2cb4bbfe71afe83593548c18b65c9403d0be83341abc29008f27225b054b3f8051beb58d3996560cc283fe914e89fb16aa54504180b8400e9036a

Score
10/10
formbookq5eratspywarestealersuricatatrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

q5e

Decoy

2177.ltd

thanxiety.com

max-width.com

fixti.net

mostmaj.com

mobilteknolojiuzmani.com

historyannals.com

wheelchairmotion.com

mossandmoonstonestudio.com

kastellifournis.com

axokey.net

peekl.com

metsteeshirt.com

abcfinancial-inc.com

btxrsp.com

amydh.com

ccoauthority.com

lumacorretora.com

kimfelixrealtor.com

iconext.biz

Targets

    • Target

      PI 46788393.exe

    • Size

      530KB

    • MD5

      1365ef23d6453fbc22a28ee56bec858b

    • SHA1

      c3f1def4b65bc427e791d2e285beadf5b0dfc654

    • SHA256

      773fbca16ec67d4820654e39aaa65645f8608a8f7186f12b5ed62498ff1334c6

    • SHA512

      35aff0f520f713c53420644f3fb92e6037614691934939781299e1350dd290b92ed4c7d1b8e7aa4ac164b9d1ffbde98838740e0ec4ce2798b93b45d44c2b6592

    Score
    10/10
    formbookq5eratspywarestealersuricatatrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata

    • Formbook Payload

      rat

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1
T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks