Overview

overview

10

Static

static

dokaz o uplati.exe

windows7_x64

10

dokaz o uplati.exe

windows10-2004_x64

6

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f013713a9e2faa566668681f1a6894d247c966f17f1c8eec7cbb83d2a20dedf1

  • Size

    275KB

  • Sample

    220521-nn633adhh4

  • MD5

    090af1d3851a3a12d0a471625ba13063

  • SHA1

    20195f86c41f2fd2ddb7a1924a59a0bb18a694ec

  • SHA256

    f013713a9e2faa566668681f1a6894d247c966f17f1c8eec7cbb83d2a20dedf1

  • SHA512

    d8a830d2818eb09b5923a088ed71d35a1865bc0bbbdfd82b1d00f31ff993553febe9e19109c88a9433bbc2a048c343b471e6297daea9451a516454ad639d6080

Score
10/10
formbookn7akpersistenceratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

n7ak

Decoy

audereventur.com

huro14.com

wwwjinsha155.com

antiquevendor.com

samuraisoulfood.net

traffic4updates.download

hypersarv.com

rapport-happy-wedding.com

rokutechnosupport.online

allworljob.com

hanaleedossmann.com

kauai-marathon.com

bepbosch.com

kangen-international.com

zoneshopemenowz.com

belviderewrestling.com

ipllink.com

sellingforcreators.com

wwwswty6655.com

qtumboa.com

Targets

    • Target

      dokaz o uplati.exe

    • Size

      544KB

    • MD5

      fd7ab257e104265969b3abcf5e1f8e94

    • SHA1

      b0b9b3798b255d9fc1f09152637284aca59da65a

    • SHA256

      61e1401e8c06b9d1c5c15155a7ef7559040c9d8fbb26e5d11c6dcaf0aa191e4d

    • SHA512

      e7fd0d54b7ba8cc4013175f4654ebb1f1bf0e419d622cce4ff9f7182eb535581252e7927b416de3ae1a7e09e34d42d4e0d1fae69f6ca1ba566945082a72f2979

    Score
    10/10
    formbookn7akpersistenceratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook Payload

      rat

    • Adds policy Run key to start application

      persistence

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

2
T1060

Privilege Escalation

Defense Evasion

Modify Registry

3
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks