General

  • Target

    SecuriteInfo.com.IL.Trojan.MSILZilla.22064.23758.20126

  • Size

    775KB

  • Sample

    220812-kj93dabafk

  • MD5

    7d9fb8d3bbb6ea60625b0b1a04b334dc

  • SHA1

    0b25491874f0a7d5188ca62ef2ea423cce99fd22

  • SHA256

    306a936a7018c56371de6d5691278c7975a82ba072e8cd8d6e0a4da8f9f57d21

  • SHA512

    a61f8302c2839308793287b7e1a862714f67081ca04d59e342aff80b04f62299df9d0da10c78cd93d20fe93871522d82a5295785ff26bd43bb4a2f1ada4f4763

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

p94a

Decoy

Targets

    • Formbook

      Formbook is data-stealing malware.

    • Formbook payload

    • Suspicious use of SetThreadContext
