General

  • Target

    PO#30001174.exe

  • Size

    249KB

  • Sample

    220620-qjyl8sddej

  • MD5

    15a03c78842f8e0f47ffc35dd6362197

  • SHA1

    1e4d857d05d7bd3d7ae37345dd9e38f629219596

  • SHA256

    8a3206a8bbf5056d7cb774be843c2a067aa8643e44c58c63e3e9cb65ce0f3fc4

  • SHA512

    a1cb86f46db8ceeab6306c6a0cf90fee5002fba8504b284ed0c95fcd9fde7d6948dbc2946a750f6104cb689def600ca41727dec8b1a651f9afed6b53e169a1db

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

m56u

Decoy

Targets

    • Target

      PO#30001174.exe

    • Formbook

      Formbook is a data-stealing (information-stealer) malware family.

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

    • Formbook Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence check.

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  Query Registry: 1 (T1012)

  System Information Discovery: 2 (T1082)

Tasks