2e94e9f9492519257c3ce0897b7e0b526d202e59e325149a4e292756bbe02dec

General
Target

2e94e9f9492519257c3ce0897b7e0b526d202e59e325149a4e292756bbe02dec

Size

272KB

Sample

220521-px9qzsbder

Score
10/10
MD5

f258f9694b92c3849e492139ac9a98a3

SHA1

4251530ef3d77612642d87bc0e96038db886aff8

SHA256

2e94e9f9492519257c3ce0897b7e0b526d202e59e325149a4e292756bbe02dec

SHA512

dbf7b421656512bb4781b3de4b83ccfe6d3e7c712cefc5df8b55fcfb4927898dec2b479343dca947a1dd4dc5708e32aa7c3eae8ca0719b3effe229c071ea3308

Malware Config

Extracted

Family formbook
Version 4.1
Campaign q5e
Decoy

Targets
Target

PO10062020.exe

MD5

02cf2e5ec0352d4e5ad016bf6a4c3ec1

Filesize

344KB

Score
10/10
SHA1

8b45260c7d9df1a0a1240c82ec173d7d2fe39dc3

SHA256

5ed8ce65c5a1e4b24a300d02167839e8f060bf38c7c407d4a7d2dc5e0d2c80b9

SHA512

3bf2c80200b053529afda0064544056b43d5bae40b1370e78555820cf0b4fe3c8a7361fedeb56b4cca99ebe2aab1d15f063c0c0448784eeef44d918bafbf7fe7

Signatures

  • Formbook

    Description

    Formbook is a data-stealing malware family.

  • suricata: ET MALWARE FormBook CnC Checkin (GET)

  • Formbook Payload

  • Adds Run key to start application

    TTPs

    Registry Run Keys / Startup Folder
    Modify Registry

  • Suspicious use of SetThreadContext

Tasks

static1

behavioral2

1/10