Overview

overview

10

Static

static

Psnexkubrs...eo.exe

windows7-x64

1

Psnexkubrs...eo.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Psnexkubrsdkhhhmyxgvotbcyllnzvpneo.exe

  • Size

    692KB

  • Sample

    220816-hcxscsgbh2

  • MD5

    03b235ea1e6582ad3c705aa15b508b4e

  • SHA1

    cea314e1209fa9cebb78495a11ed32105180cf75

  • SHA256

    7fab72b8e2d21f7e219d7599e891aafa58eac18dd47badf4360e144a1c993dbf

  • SHA512

    73acab92688afff7276e26bebc4b5695a542619afc4f19659bbbb8ae8514d9bc1d5fb5e15fc4c13249c0a51e95857001e08aaa68ba482c9bcbb747750cd7fba1

Score
10/10
formbookmodiloadero2e7persistenceratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

o2e7

Decoy

genvivwink.com

paramotos.space

bolsanoir.com

techblog.asia

seophreak.com

agitationt.net

jenniferlearmontcelebrant.com

biggsales.space

barkerprintsolutions.com

jesuspatriot.com

clinicaamadeolosmochis.com

lowbackpaindecoded.com

mumbaimasjid.com

masooliflourmillers.com

incopetent.com

andresramosweb.com

betonamubukkyoshinjakai.com

pukimail.net

erohlimitcrown.site

bodogegarden.com

Targets

    • Target

      Psnexkubrsdkhhhmyxgvotbcyllnzvpneo.exe

    • Size

      692KB

    • MD5

      03b235ea1e6582ad3c705aa15b508b4e

    • SHA1

      cea314e1209fa9cebb78495a11ed32105180cf75

    • SHA256

      7fab72b8e2d21f7e219d7599e891aafa58eac18dd47badf4360e144a1c993dbf

    • SHA512

      73acab92688afff7276e26bebc4b5695a542619afc4f19659bbbb8ae8514d9bc1d5fb5e15fc4c13249c0a51e95857001e08aaa68ba482c9bcbb747750cd7fba1

    Score
    10/10
    formbookmodiloadero2e7persistenceratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • Formbook payload

      rat

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks