General

  • Target

    SecuriteInfo.com.W32.AIDetectNet.01.13966.4765

  • Size

    589KB

  • Sample

    220530-c6fhaafafk

  • MD5

    bc73f146c5f10a875ba645b7c9b567bd

  • SHA1

    e65a9edc4bf551c9eb0f75e813980c3d96966203

  • SHA256

    d4d430cfe4399aa57154854567d17ef118b6d0eee083b683f81957d2057949b0

  • SHA512

    8a9468f68e6d752409c64da0acd990b2d742a1862744c6c248eb1c01a75791dc76f0f33c28d2889beb46c745087d0754aa8e645243f3924f14b2dd4baa7f6370

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    t19g

  • Decoy

    playstationspiele.com
    cakesbyannal.com
    racepin.space
    anti-offender.com
    magnetque.com
    farragorealtybrokerage.com
    khuludmohammed.com
    v33696.com
    84ggg.com
    d440.com
    soccersmarthome.com
    ofthis.world
    fivestaryardcards.com
    lusyard.com
    gghft.com
    viajesfortur.com
    rationalirrationality.com
    hanaramenrestaurant.com
    exactlycleanse.com
    martensenargentina.com
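The decoy list and campaign id are the reusable parts of this config. The Python below is an added example, not part of the sandbox report: it turns them into a proxy-log matcher that flags hosts equal to, or subdomains of, a decoy domain, while rejecting look-alikes that merely contain one. The log lines are constructed. The check for the campaign id in the URI path rests on an assumption the report does not state, namely that Formbook 4.x requests its C2 as http://<host>/<campaign>/...; treat that part as a heuristic.

```python
"""Match outbound proxy traffic against the Formbook config extracted above."""
import re

# Values copied from the report's Extracted section.
FAMILY = "formbook"
VERSION = "4.1"
CAMPAIGN = "t19g"
DECOYS = """
playstationspiele.com cakesbyannal.com racepin.space anti-offender.com
magnetque.com farragorealtybrokerage.com khuludmohammed.com v33696.com
84ggg.com d440.com soccersmarthome.com ofthis.world fivestaryardcards.com
lusyard.com gghft.com viajesfortur.com rationalirrationality.com
hanaramenrestaurant.com exactlycleanse.com martensenargentina.com
""".split()

# ASSUMPTION (not stated in the report): Formbook 4.x requests its C2 as
# http://<host>/<campaign>/..., so the campaign id is also checked in the path.
CAMPAIGN_PATH = f"/{CAMPAIGN}/"

URL_RE = re.compile(r"^(?:https?://)?([^/\s]+)(/\S*)?$", re.IGNORECASE)


def normalize_host(host: str) -> str:
    """Lower-case, strip a trailing dot and any :port suffix."""
    host = host.strip().lower().rstrip(".")
    return host.split(":", 1)[0]


def match_decoy(host: str, decoys=DECOYS):
    """Return the decoy domain that `host` equals or is a subdomain of, else None.

    A plain substring test would also flag look-alikes such as
    d440.com.evil.example, so only exact and dot-bounded suffix matches count.
    """
    h = normalize_host(host)
    for d in decoys:
        d = d.lower()
        if h == d or h.endswith("." + d):
            return d
    return None


def parse_proxy_line(line: str):
    """Parse a constructed 'ts client method url status' proxy record."""
    parts = line.split()
    if len(parts) < 5:
        return None
    ts, client, method, url, status = parts[:5]
    m = URL_RE.match(url)
    if not m:
        return None
    return {"ts": ts, "client": client, "method": method,
            "host": m.group(1), "path": m.group(2) or "/", "status": status}


def scan(lines, decoys=DECOYS, campaign_path=CAMPAIGN_PATH):
    """Return one hit dict per record whose host is a decoy domain."""
    hits = []
    for line in lines:
        rec = parse_proxy_line(line)
        if rec is None:
            continue
        decoy = match_decoy(rec["host"], decoys)
        if decoy is None:
            continue
        rec["decoy"] = decoy
        rec["campaign_path"] = campaign_path in rec["path"]
        hits.append(rec)
    return hits


def infected_clients(hits):
    """Clients that hit a decoy with the campaign path: the strongest signal."""
    return sorted({h["client"] for h in hits if h["campaign_path"]})


# Constructed sample log (not from the report): one client beaconing to two
# decoys with the campaign path, one benign client, two look-alike misses,
# and one decoy hit without the campaign path.
SAMPLE_LOG = [
    "2022-05-30T12:01:03Z 10.0.0.15 GET http://www.playstationspiele.com/t19g/?yw=AbC 200",
    "2022-05-30T12:01:04Z 10.0.0.15 POST http://www.racepin.space/t19g/ 404",
    "2022-05-30T12:01:09Z 10.0.0.22 GET https://www.microsoft.com/en-us/ 200",
    "2022-05-30T12:02:10Z 10.0.0.22 GET http://d440.com.evil.example/ 200",
    "2022-05-30T12:02:11Z 10.0.0.22 GET http://notcakesbyannal.com/ 200",
    "2022-05-30T12:03:30Z 10.0.0.31 GET http://ofthis.world:8080/about 200",
]

if __name__ == "__main__":
    for h in scan(SAMPLE_LOG):
        flag = "C2-pattern" if h["campaign_path"] else "decoy-only"
        print(f"{h['client']} -> {h['host']}{h['path']} [{h['decoy']}] {flag}")
    print("clients to triage:", infected_clients(scan(SAMPLE_LOG)))
```

Most entries in a Formbook decoy list are ordinary, legitimate sites that the bot contacts to bury the real C2 among them, so a decoy-only hit is a triage lead rather than proof of compromise; a client requesting the campaign path on several decoys in quick succession is the pattern worth escalating. Real proxies (Squid, Zeek http.log) use other column layouts, so replace parse_proxy_line accordingly.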

Targets

    • Target

      SecuriteInfo.com.W32.AIDetectNet.01.13966.4765

    • Formbook

      Formbook is an information-stealing malware family sold as malware-as-a-service. It injects into a legitimate process, hooks browser and mail-client functions to grab submitted form data and saved credentials, logs keystrokes and clipboard contents, and takes screenshots; stolen data is sent to a C2 hidden among the long list of decoy domains in the extracted config above.

    • Formbook Payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check before the payload runs.

    • Suspicious use of SetThreadContext

      Calling SetThreadContext on a thread of another process is the classic process-hollowing step: the entry point of a suspended, legitimate process is redirected to injected code.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution

    Scheduled Task (T1053): 1

  • Persistence

    Scheduled Task (T1053): 1

  • Privilege Escalation

    Scheduled Task (T1053): 1

  • Discovery

    Query Registry (T1012): 1
    System Information Discovery (T1082): 2

Tasks