General

  • Target

    SecuriteInfo.com.Trojan.GenericKD.61170681.16225.30253

  • Size

    830KB

  • Sample

    220806-ajxryaahd2

  • MD5

    1380ca291c1bfec9095ad60faed1bcad

  • SHA1

    0e0a361e0b4573a30e6f72c2885ffc64fc4c3128

  • SHA256

    ebdd702f266b91c4d50e933c8609b1115d99840b524ec350724e5aae2aef39f1

  • SHA512

    e2fece9acbf3048f48e37582d271696f8b4b142bbc9dca41c469418fcaf05ba325343287b744fa8f7513ee1776caf0fa39d9a9e4c01a93e09af6c9a51620c4e4

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    d27e

  • Decoy

    lilysbusride.com
    cloud-sechs.com
    danpro.co.uk
    wendoortech.com
    playgroundrebellion.com
    betventures.xyz
    digimediasolution.net
    abrahambetrayedus.com
    whinefree.com
    realeurolicence.com
    makelovetrip.com
    damediaagency.com
    pinaralsan.com
    5bobitw.com
    shootingkarelia.online
    website-staging.pro
    manassadhvi.online
    bathroomandkitcenking.com
    realtormarket.net
    dfysupport.com

Targets

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic                Technique                     Count  ID
  Execution             Scheduled Task                1      T1053
  Persistence           Scheduled Task                1      T1053
  Privilege Escalation  Scheduled Task                1      T1053
  Discovery             Query Registry                1      T1012
  Discovery             System Information Discovery  2      T1082

Tasks