Resubmissions

07-07-2022 08:45

220707-knxb3sbeg8 10

06-07-2022 05:07

220706-fr3k2sbad8 10

General

  • Target

    7662436151.zip

  • Size

    577KB

  • Sample

    220706-fr3k2sbad8

  • MD5

    936af3cd3bb09a79a23019a81e382029

  • SHA1

    8aeb8db5050cae2b4346bcb93acfd2cf9c9ee13e

  • SHA256

    a0592505ea38b395237adc77624c613ca16cb99f296549c6b128b7d8c4e17ecc

  • SHA512

    d0c1c973f540c5e03728d1cdfba5367dd43148668c90283bf91b7eb81cc0954ffd0f532db8dd2ef296634277037676596fc29a3facdfb420c87b1c399ec584b7

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

jr04

Decoy

usatotribu.com

jak-omi.xyz

spacemozaic.pro

fordheritagevauly.com

vinted.beauty

gowebinar4u.com

infinixmediapty.com

dingquanjr.com

vahidblog.com

kgav99q.icu

healtyneck.com

assg3cd.icu

airconditionerworld.site

opinkmflotp.site

mineclicker.net

davidsonfessettlement.com

secured-verification.com

kgwjqaj.icu

subtmv.xyz

auntysocialvintage.com

Targets

    • Target

      bb57e60238a1f7954433764a77c251f0b6367120592605b04307bf2d3aec446e

    • Size

      623KB

    • MD5

      d796106a6798936495f83e5eeb341c90

    • SHA1

      671a5437ce4fe56510909a852916a19eaf983dc6

    • SHA256

      bb57e60238a1f7954433764a77c251f0b6367120592605b04307bf2d3aec446e

    • SHA512

      9cbb995f2d32fef68348d0037ea8b6fac98ba86905b96658bf527961ae04f63ce65a23efcb4dee6e6fe8b3f1e5cf77e40221fd92dff925e0a60c2563eac2a7f7

    • Formbook

      Formbook is an information-stealing malware family (form grabber and keylogger) that harvests credentials and form data from browsers, mail clients and other applications and exfiltrates them to its C2.

    • Formbook Payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence to avoid executing in certain regions.

    • Suspicious use of SetThreadContext

      SetThreadContext is commonly used to redirect a suspended thread's execution to injected code (process hollowing / thread hijacking), so this is a process-injection indicator rather than a benign API call.
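The indicators above (the two SHA256 hashes and the extracted decoy domains) are only useful once they are matched against telemetry, and Formbook's config deserves a caveat when doing so: the decoy list exists to hide the real C2 among innocuous-looking names, and the bot itself contacts decoys, so a single DNS hit on one of these domains is a pivot, not proof of infection, while several distinct decoy hits from one host in a short window is a much stronger signal. The following Python script is an added example (not part of the sandbox report) that embeds the report's IOCs, scans constructed DNS resolver log lines and constructed file-hash events (the `<ts> <client> <qname> <qtype>` log format and the file-event tuples are assumptions), and ranks hosts accordingly.

```python
"""Operationalize the IOCs from this Formbook report against constructed telemetry.

Added example, not code from the original sandbox report. The DNS log format
and the file-event records below are constructed for illustration.
"""
from typing import Dict, List, Optional, Set, Tuple

# Indicators copied from the report above.
SHA256_IOCS: Dict[str, str] = {
    "a0592505ea38b395237adc77624c613ca16cb99f296549c6b128b7d8c4e17ecc": "7662436151.zip (submitted archive)",
    "bb57e60238a1f7954433764a77c251f0b6367120592605b04307bf2d3aec446e": "Formbook 4.1 payload (campaign jr04)",
}

DECOY_DOMAINS: Set[str] = {
    "usatotribu.com", "jak-omi.xyz", "spacemozaic.pro", "fordheritagevauly.com",
    "vinted.beauty", "gowebinar4u.com", "infinixmediapty.com", "dingquanjr.com",
    "vahidblog.com", "kgav99q.icu", "healtyneck.com", "assg3cd.icu",
    "airconditionerworld.site", "opinkmflotp.site", "mineclicker.net",
    "davidsonfessettlement.com", "secured-verification.com", "kgwjqaj.icu",
    "subtmv.xyz", "auntysocialvintage.com",
}

# Constructed resolver log: "<ts> <client> <qname> <qtype>" (assumed format).
SAMPLE_DNS_LOG = """\
2022-07-07T08:46:01Z 10.0.3.17 www.usatotribu.com. A
2022-07-07T08:46:02Z 10.0.3.17 notusatotribu.com A
2022-07-07T08:46:03Z 10.0.3.22 KGAV99Q.ICU A
2022-07-07T08:46:04Z 10.0.3.22 update.microsoft.com A
2022-07-07T08:46:05Z 10.0.3.17 jak-omi.xyz. A
2022-07-07T08:46:06Z 10.0.3.40 spacemozaic.pro A
2022-07-07T08:46:07Z 10.0.3.40 vinted.beauty A
"""

# Constructed EDR file events: (client, path, sha256).
SAMPLE_FILE_EVENTS: List[Tuple[str, str, str]] = [
    ("10.0.3.17", r"C:\Users\alice\Downloads\7662436151.zip",
     "a0592505ea38b395237adc77624c613ca16cb99f296549c6b128b7d8c4e17ecc"),
    ("10.0.3.22", r"C:\Users\bob\AppData\Local\Temp\setup.exe", "00" * 32),
]


def normalize_domain(name: str) -> str:
    """Lower-case and strip the trailing dot of a fully-qualified query name."""
    return name.rstrip(".").lower()


def decoy_hit(qname: str) -> Optional[str]:
    """Return the decoy domain that qname equals or is a subdomain of, else None.

    Matching is done on label boundaries so 'notusatotribu.com' does not
    match 'usatotribu.com'.
    """
    q = normalize_domain(qname)
    for domain in DECOY_DOMAINS:
        if q == domain or q.endswith("." + domain):
            return domain
    return None


def scan_dns_log(log: str) -> Dict[str, Set[str]]:
    """Map each client to the set of distinct decoy domains it queried."""
    hits: Dict[str, Set[str]] = {}
    for line in log.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue  # malformed line, skip rather than crash
        client, qname = parts[1], parts[2]
        domain = decoy_hit(qname)
        if domain:
            hits.setdefault(client, set()).add(domain)
    return hits


def scan_file_events(events: List[Tuple[str, str, str]]) -> Dict[str, List[str]]:
    """Map each client to the report hashes seen in its file events."""
    hits: Dict[str, List[str]] = {}
    for client, _path, sha256 in events:
        label = SHA256_IOCS.get(sha256.lower())
        if label:
            hits.setdefault(client, []).append(label)
    return hits


def triage_hosts(dns_hits: Dict[str, Set[str]],
                 hash_hits: Dict[str, List[str]]) -> Dict[str, str]:
    """Rank hosts: a known-bad hash is high confidence; one decoy DNS hit is
    only a pivot (decoys hide the real C2 and may be legitimate sites), while
    two or more distinct decoys from one host is medium confidence."""
    ranking: Dict[str, str] = {}
    for host in set(dns_hits) | set(hash_hits):
        if host in hash_hits:
            ranking[host] = "high"
        elif len(dns_hits.get(host, set())) >= 2:
            ranking[host] = "medium"
        else:
            ranking[host] = "low"
    return ranking


if __name__ == "__main__":
    dns = scan_dns_log(SAMPLE_DNS_LOG)
    files = scan_file_events(SAMPLE_FILE_EVENTS)
    for host, level in sorted(triage_hosts(dns, files).items()):
        print(host, level, sorted(dns.get(host, set())), files.get(host, []))
```

The hash matches are high confidence but brittle (a repacked build changes every hash), whereas the decoy list tends to survive across samples of one campaign; treat decoy hits as a hunting pivot to be corroborated with the hash or with the process-injection behaviour listed above rather than as a block list.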

MITRE ATT&CK Matrix (ATT&CK v6)

Tactic                Technique                     Count  ID
Execution             Scheduled Task                1      T1053
Persistence           Scheduled Task                1      T1053
Privilege Escalation  Scheduled Task                1      T1053
Discovery             Query Registry                3      T1012
Discovery             System Information Discovery  4      T1082
Discovery             Peripheral Device Discovery   1      T1120
