Overview

overview

10

Static

static

9

PO C10090.exe

windows7_x64

10

PO C10090.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fc867430c8efb6bfa3c5c95cc1378607a14d740b5597a69b9a05dd278fc542ed

  • Size

    264KB

  • Sample

    220521-nybpxaecf6

  • MD5

    8ad3c1e4cc63bc6f9f41c15781508481

  • SHA1

    55b5c94ee0cd0b43af44f3beff2eead12d08c4b1

  • SHA256

    fc867430c8efb6bfa3c5c95cc1378607a14d740b5597a69b9a05dd278fc542ed

  • SHA512

    b526f8e72a10727ada7474b9ac7b9f3133aadd26749628716e97aea4b7dcbf817d56b03ae65a52c84b57896ca8d3a6bfccde67f66b7f172b327e5692423bc906

Score
10/10
formbookq5epersistenceratspywarestealersuricatatrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

q5e

Decoy

2177.ltd

thanxiety.com

max-width.com

fixti.net

mostmaj.com

mobilteknolojiuzmani.com

historyannals.com

wheelchairmotion.com

mossandmoonstonestudio.com

kastellifournis.com

axokey.net

peekl.com

metsteeshirt.com

abcfinancial-inc.com

btxrsp.com

amydh.com

ccoauthority.com

lumacorretora.com

kimfelixrealtor.com

iconext.biz

Targets

    • Target

      PO C10090.exe

    • Size

      309KB

    • MD5

      52b9520f67483c03673b18e500cdb728

    • SHA1

      c23ebfec4a59e85985dabe251390a195ce3d43ca

    • SHA256

      65cd6807556189c85811f11fb91a981749e7d9760e5a72c0845dd6b8ff93a8f9

    • SHA512

      38b4ca1c96f6436a7a884ea949af40a2ef52446a0aaeee27e925b8eb8954ded1fcd0f07337d397f9bb4e69c73ccd019826de9cdb0530fa709db7a988cb658677

    Score
    10/10
    formbookq5epersistenceratspywarestealersuricatatrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata

    • Formbook Payload

      rat

    • Deletes itself

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks