Overview

overview

10

Static

static

BL# BKKCM3215800.exe

windows7_x64

10

BL# BKKCM3215800.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    BL# BKKCM3215800.exe

  • Size

    170KB

  • Sample

    220712-al64dsebhk

  • MD5

    2ec6d3e0a7fe0d612b5ae232a01e7d2b

  • SHA1

    b1971757c64ccaaaff17d4e5d7c6db4eb0843b2a

  • SHA256

    2198c2bb61788ff27d22b8a16ff4ddbfc343d0c3f641ce8c86e42100d338a83b

  • SHA512

    540cb081def6eb76c74cc1cd33a9e28d0c41eac808cac4a86fe1ca5280da6e7b40f9a1e52ff2d6149e9531c9ce9d0929f8af26234af114f484ff081bf62fdaf3

Score
10/10
formbookba17ratspywarestealersuricatatrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ba17

Decoy

bearwant.com

sdsguanfang.com

steamcommunityvia.top

sugarplumtreasures.com

koronislakefishing.com

jmae.xyz

xhxnqemkiqe.xyz

playzcrew.com

zatwsbq.com

lankofix.com

sh-zhepeng.com

mibodamisxv.online

butterflyjewelry.store

finestrecitalto-spottoday.info

globomateria.com

royalmdarts.com

d4af10836709.com

shepwill.com

67aldrich.info

trustedmakers.club

Targets

    • Target

      BL# BKKCM3215800.exe

    • Size

      170KB

    • MD5

      2ec6d3e0a7fe0d612b5ae232a01e7d2b

    • SHA1

      b1971757c64ccaaaff17d4e5d7c6db4eb0843b2a

    • SHA256

      2198c2bb61788ff27d22b8a16ff4ddbfc343d0c3f641ce8c86e42100d338a83b

    • SHA512

      540cb081def6eb76c74cc1cd33a9e28d0c41eac808cac4a86fe1ca5280da6e7b40f9a1e52ff2d6149e9531c9ce9d0929f8af26234af114f484ff081bf62fdaf3

    Score
    10/10
    formbookba17ratspywarestealersuricatatrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata

    • Formbook payload

      rat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks