Overview

overview

10

Static

static

IMAGES-001...DF.exe

windows7_x64

10

IMAGES-001...DF.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f5724fd0f22c33f2e9e1158976c6db54b02ba90774ee26eb5e423d5a816bea3c

  • Size

    315KB

  • Sample

    220521-pdtknaacfn

  • MD5

    5ec3febf93b49ff95b8c96f65da8a468

  • SHA1

    094b980b64cf66da7a02e5e978cb773ea429013a

  • SHA256

    f5724fd0f22c33f2e9e1158976c6db54b02ba90774ee26eb5e423d5a816bea3c

  • SHA512

    b83a76844bdcce897893eca3c87e6652e5937ee25467f96b77e889d914a679ff1f4553309320b28ab81e1dc60d2a1e984c211b12feb7ca65b8fb0b135eaf34de

Score
10/10
formbookgmcpersistenceratspywarestealersuricatatrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

gmc

Decoy

lidaisifang.com

allthatmarket.com

izebike.com

believers.community

redwtf.com

garageloftdesigns.com

flatfeerealtyjax.com

top7blog.com

isotopemimosa.win

turkiyeyedonuyorum.com

rennlaist.com

industryepidemics.com

ps2korea.com

gregoryoreilly.info

bestcheapoemsoftware.com

gudkar.com

soccer-scoring.com

noakhalaup.com

fusejs.com

sendereasy.com

Targets

    • Target

      IMAGES-001-QUOTE REQUEST #21800176_354667485903 _09_07_2020PDF.exe

    • Size

      504KB

    • MD5

      c1b13db471da675d9887133f6de51d4d

    • SHA1

      ee4185e2232581c17e45b5598a07a99f49887364

    • SHA256

      8ea404b56d3341cbcc42c2f9b99c6cf8aa457d94b5319e19bee72859be9b1c32

    • SHA512

      40076fb9f71a1c96be4883cc595a7cbee3da9701ad2633d20a31d125a19382ad14b43de18ff17eac96d211e2885137d61ee34065739c6b5967592a91c8050a65

    Score
    10/10
    formbookgmcpersistenceratspywarestealersuricatatrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata

    • Formbook Payload

      rat

    • Deletes itself

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks