General

  • Target

    1bc294a63c80ffdc3ef78d9e52b94a18

  • Size

    716KB

  • Sample

    220627-qr7j4sbeaq

  • MD5

    1bc294a63c80ffdc3ef78d9e52b94a18

  • SHA1

    b277de52ad36289d1c8a08bf4b76e23bca6be08a

  • SHA256

    032f59f1a16e61195453751a2e734b429302bc6a980e7c0df6a78187d1af0a1e

  • SHA512

    f4b9dab5625593a83c7784d65b0136f71d16c09803a9a70f52686925cc559b8eeedce07d01d327928022c433298c3af8310d54b36155be1d6a93f027b3af6250

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ba17

Decoy

Targets

    • Target

      YANBU QUOTATION LIST 06.2022.exe

    • Size

      689KB

    • MD5

      2e43d196e446bfc5c13be5b260137ada

    • SHA1

      2fcf21897ecc2315fc1c668834ae6a638db409f7

    • SHA256

      6ff2623794625f34d8ebf1d840ececdce903836c5a06b1907f83a0cea46ac57f

    • SHA512

      803679f0dc6c83ef743bbd6686eb4d66301ab3e1288b64aea1a7bcc6fd57bdb3a7ec1b0ceb448976d5bd2e08f2b64e4c0811a401282de75b243e4599728172fe

    • Formbook

      Formbook is a data-stealing malware family.

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

    • Formbook Payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution

    Scheduled Task (1) T1053

  • Persistence

    Scheduled Task (1) T1053

  • Privilege Escalation

    Scheduled Task (1) T1053

  • Discovery

    Query Registry (1) T1012

    System Information Discovery (2) T1082

Tasks