Overview

overview

10

Static

static

RFQ - OQ[2...72.exe

windows7_x64

10

RFQ - OQ[2...72.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    RFQ - OQ[22002356]-52872.exe

  • Size

    587KB

  • Sample

    220629-trxxfsbaap

  • MD5

    9897b687dbf706bd420bad29dacdd77b

  • SHA1

    7dcc2589a102cc97fe69c8ff287460c62ffa669b

  • SHA256

    4ce459e96e27a319ea15c07994ae72c5df83c599bddbee3286558723bc55b20e

  • SHA512

    79c9515e6efcf1a1da4d54e9cb5a168c7ca715f9228c112f69df97e40cfb7e64b0ac96322ff74e52214bc4655f0c96ede40b50d1ccd6b1806d3d44dc563f4e65

Score
10/10
formbookba17ratspywarestealersuricatatrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ba17

Decoy

bearwant.com

sdsguanfang.com

steamcommunityvia.top

sugarplumtreasures.com

koronislakefishing.com

jmae.xyz

xhxnqemkiqe.xyz

playzcrew.com

zatwsbq.com

lankofix.com

sh-zhepeng.com

mibodamisxv.online

butterflyjewelry.store

finestrecitalto-spottoday.info

globomateria.com

royalmdarts.com

d4af10836709.com

shepwill.com

67aldrich.info

trustedmakers.club

Targets

    • Target

      RFQ - OQ[22002356]-52872.exe

    • Size

      587KB

    • MD5

      9897b687dbf706bd420bad29dacdd77b

    • SHA1

      7dcc2589a102cc97fe69c8ff287460c62ffa669b

    • SHA256

      4ce459e96e27a319ea15c07994ae72c5df83c599bddbee3286558723bc55b20e

    • SHA512

      79c9515e6efcf1a1da4d54e9cb5a168c7ca715f9228c112f69df97e40cfb7e64b0ac96322ff74e52214bc4655f0c96ede40b50d1ccd6b1806d3d44dc563f4e65

    Score
    10/10
    formbookba17ratspywarestealersuricatatrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata

    • Formbook Payload

      rat

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1
T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks