General

  • Target: PO-07-2022-00062.zip
  • Size: 39KB
  • Sample: 220725-hn73gabadj
  • MD5: 94b759dafed20cfaa1b8aed076cbddae
  • SHA1: ca7518857868b1102db757dbc83628c3d16e6b67
  • SHA256: 772c92cb2ef2e880b4c55e4a953b9792223125792be9981ee69b8bfafe0e2867
  • SHA512: b7ffc3a3cdd8909fe017479ee694c4e0c4529421773ae22c15ea97868b4edd058656a26dd648e54e204c2bcb069522aaf16873c3d053942bc9b91b1e587dc3e3

Malware Config

Extracted

  • Family: formbook
  • Version: 4.1
  • Campaign: fs44
  • Decoy

Targets

    • Target: PO-07-2022-00062.exe
    • Size: 121KB
    • MD5: 6e242c54644dc4865f452c83922063f1
    • SHA1: 9e691a93f17e8b4a0a871892889663a3c2c32572
    • SHA256: 3f97bf9bdfc07c39df433605eda1cfdc6617e4142e8a49f182f547fa25243c62
    • SHA512: b8b1fe1ab7b56fb2cea4c98d45e2cd3cccd200be9ded583cf356c3592dc225a4a560a064ce6e2ea4f97a6566ebd254b6e2a1f6344bf19f14d6580e2359c03d82

    • Formbook: Formbook is a data-stealing malware family.
    • suricata: ET MALWARE FormBook CnC Checkin (GET)
    • Formbook payload
    • Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry (T1012): 1
  • System Information Discovery (T1082): 2

Tasks