General

  • Target

    SecuriteInfo.com.W32.AIDetectNet.01.10877.30640

  • Size

    919KB

  • Sample

    220812-zcep8aheaj

  • MD5

    78cce3c1d0cadadd8be8fe9022be5f44

  • SHA1

    dd881fdfca2d2dd2a466e49f46811c38a1172327

  • SHA256

    6de750cf7e7a9f7a3fced7712ebde1360102bf175362c71e3f304d01eaa59e30

  • SHA512

    f2dec41a90a0b52e1354cd75daca5fd7f614c78b8f7a57762548f24ef5ebd78dace3c915307e06ea5d133a3301d12bbf898aec850eb041d8d421c5aa15971a69

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    de08

  • Decoy

    retirecloudyyard.com
    fabiyan.xyz
    chrisarlyde.com
    selapex.com
    vivalosgales.com
    specialty-medicine.com
    contasesolucoes.com
    satunusanews.net
    allyibc.com
    alameda1876.com
    artofdala.com
    yukoidusp.xyz
    steeldrumbandnearme.com
    stonewedgetechnology.com
    kentonai.com
    macquarie-private.com
    ddgwy.com
    megagreenhousekits.com
    descomplicaomarketing.com
    inclusiverealtor.com

Targets

    • Target

      SecuriteInfo.com.W32.AIDetectNet.01.10877.30640

    • Size

      919KB

    • MD5

      78cce3c1d0cadadd8be8fe9022be5f44

    • SHA1

      dd881fdfca2d2dd2a466e49f46811c38a1172327

    • SHA256

      6de750cf7e7a9f7a3fced7712ebde1360102bf175362c71e3f304d01eaa59e30

    • SHA512

      f2dec41a90a0b52e1354cd75daca5fd7f614c78b8f7a57762548f24ef5ebd78dace3c915307e06ea5d133a3301d12bbf898aec850eb041d8d421c5aa15971a69

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution

    Scheduled Task (1) T1053

  • Persistence

    Scheduled Task (1) T1053

  • Privilege Escalation

    Scheduled Task (1) T1053

  • Discovery

    Query Registry (1) T1012
    System Information Discovery (2) T1082

Tasks