Overview

overview

10

Static

static

purchase order.exe

windows7_x64

10

purchase order.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7daa64f8d89deee1ae3390dbdf89df275fba3336d6b33a9fe38903d1045fd3ce

  • Size

    624KB

  • Sample

    220521-ne1jxsggap

  • MD5

    81976c8ce995417db739acd064e97207

  • SHA1

    b6ed7169ed696d7030484332dea31251cba2880f

  • SHA256

    7daa64f8d89deee1ae3390dbdf89df275fba3336d6b33a9fe38903d1045fd3ce

  • SHA512

    8361e82976e420e6c6f051292a283c5b9365b83c3e116bc558e567dbc03d14baa5598b940f62c0f87f56a460e5fe0bb230f37f5a5efe510157ac22838affce23

Score
10/10
formbookmcnpersistenceratspywarestealersuricatatrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

mcn

Decoy

qww13.com

polyadmission.com

blackbaycooler.com

angelmedics.net

saludcomplementariaintegral.com

multonin.reisen

atelier-des-lilas.com

theflamingorealtygroup.info

minnesotaauto.loan

silvfly.com

ubaoc.com

learcane.net

giftcardcodegenerator.com

consciousnessunpleasant.com

g1media.net

wwwstrikeout.com

yimifanghua.com

stampkm.com

bx-wdcl.com

unieekly.net

Targets

    • Target

      purchase order.exe

    • Size

      783KB

    • MD5

      a609941d3573f765b9e5ce5f21bec964

    • SHA1

      22cd8b5de95b184dfa1d49f80a981cd8367cfab8

    • SHA256

      b92daf26444f20dda1b9473af9b4016f67fc4e87761b1429021aceba77e3dd5a

    • SHA512

      d2bcecf3eaabee030cb5081ccc1dba92fd98a9a9b374664631be1a3a4d0615812df2c18127299c4a133358684401ca6fdcbd3e3d0fb05e6f1d2f0687a813070f

    Score
    10/10
    formbookmcnpersistenceratspywarestealersuricatatrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata

    • Formbook Payload

      rat

    • Deletes itself

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks