General

  • Target

    ec87daf51bd380ba12d450602cd86a60

  • Size

    288KB

  • Sample

    220704-h2qekshce6

  • MD5

    ec87daf51bd380ba12d450602cd86a60

  • SHA1

    9ec5382f211483649dd7ab44db4e9ef70497f792

  • SHA256

    74c6ec17b7e893a4cc45327088df9b6b1f5174173368622f0ba7f5760fd74943

  • SHA512

    71824f58b8cfa211959398bdcd7e104c863544d8e282a454630ab053b549f4afb4454bac3f344ee3ed571d1b1f5978a70edfb9b4b95e2e8a8c0ac00847ef3532

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    m56u

  • Decoy

Targets

    • Target

      MT103-203674982.exe

    • Size

      247KB

    • MD5

      400ff0ca3ab2676f072aea68870ef70d

    • SHA1

      dfd2f2443fd103089be9ab9f6fe651399b3d19f4

    • SHA256

      7a605579f572e0ca0067f031db05ceec4f0445a09aae0a57bc36b14e5874d734

    • SHA512

      a441c8e2b7aaf60a46a95077d4296888cc0bebc694e0fefb7501bab664d2fe5a81de8ec703b66df61372dfc3a09d8d918ed9ee952dbb558181a88f535b8d329b

    • Formbook

      Formbook is a data-stealing malware family.

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

    • Formbook Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry (T1012): 1

  • System Information Discovery (T1082): 2

Tasks