General

  • Target

    SecuriteInfo.com.Trojan.Olock.1.14774.15124

  • Size

    931KB

  • Sample

    220808-jcqvgsfcfk

  • MD5

    0aa59b2e00f1b996715e4ad669a1135c

  • SHA1

    35663dc7ec41b279993ee233e1592c851d4fb6a7

  • SHA256

    9cbdbe876e2abf4c3140f516164d1f2c68f15d10b4c17725249182c50be6d32d

  • SHA512

    190b0b1dec2576116a6d3544bda892646f1e694db6dbc09e0582b00be672cafaa85219425f6295b83af449046a133d7acc91621792e38e6534d76601b444886b

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    d27e

  • Decoy

    lilysbusride.com
    cloud-sechs.com
    danpro.co.uk
    wendoortech.com
    playgroundrebellion.com
    betventures.xyz
    digimediasolution.net
    abrahambetrayedus.com
    whinefree.com
    realeurolicence.com
    makelovetrip.com
    damediaagency.com
    pinaralsan.com
    5bobitw.com
    shootingkarelia.online
    website-staging.pro
    manassadhvi.online
    bathroomandkitcenking.com
    realtormarket.net
    dfysupport.com

Targets

    • Formbook

      Formbook is a data-stealing (information-stealer) malware family.

    • Formbook payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic                Technique                      Count  ID
  Execution             Scheduled Task                 1      T1053
  Persistence           Scheduled Task                 1      T1053
  Privilege Escalation  Scheduled Task                 1      T1053
  Discovery             Query Registry                 1      T1012
  Discovery             System Information Discovery   2      T1082

Tasks