General

  • Target

    SecuriteInfo.com.Win32.BootkitX-gen.24031.exe

  • Size

    972KB

  • Sample

    220914-km5xtshfh5

  • MD5

    3e336e588f8433c914b415a282d14b0b

  • SHA1

    a5b36cf34d9ab4aca8b07a723848dd1dfcc755a4

  • SHA256

    a88e5d5fb17e50a25cf6dfe2512fc45cc3f712dccccee2d08ee7d1dac7086e5e

  • SHA512

    542aed70db8435e595b4552cf8c8abb97bfc02ce0702c28a6758a5dd184cd6418bd86f70b4055be2392b6dce12e2629d98a380d24dfcf2e9978b7bd70ae71e0f

  • SSDEEP

    24576:1HneAr5UNl6hdN/qq0Ztypw9bN+Oz2jrl:1HTiPkJPTOz2t

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ba17

Decoy

bearwant.com

sdsguanfang.com

steamcommunityvia.top

sugarplumtreasures.com

koronislakefishing.com

jmae.xyz

xhxnqemkiqe.xyz

playzcrew.com

zatwsbq.com

lankofix.com

sh-zhepeng.com

mibodamisxv.online

butterflyjewelry.store

finestrecitalto-spottoday.info

globomateria.com

royalmdarts.com

d4af10836709.com

shepwill.com

67aldrich.info

trustedmakers.club

Targets

    • Target

      SecuriteInfo.com.Win32.BootkitX-gen.24031.exe

    • Size

      972KB

    • MD5

      3e336e588f8433c914b415a282d14b0b

    • SHA1

      a5b36cf34d9ab4aca8b07a723848dd1dfcc755a4

    • SHA256

      a88e5d5fb17e50a25cf6dfe2512fc45cc3f712dccccee2d08ee7d1dac7086e5e

    • SHA512

      542aed70db8435e595b4552cf8c8abb97bfc02ce0702c28a6758a5dd184cd6418bd86f70b4055be2392b6dce12e2629d98a380d24dfcf2e9978b7bd70ae71e0f

    • SSDEEP

      24576:1HneAr5UNl6hdN/qq0Ztypw9bN+Oz2jrl:1HTiPkJPTOz2t

    • Formbook

      Formbook is a data-stealing malware family (information stealer).

    • Formbook payload

    • Checks computer location settings

      Looks up the country code configured in the registry; likely used for geofencing.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Execution
  Scheduled Task (1), T1053

Persistence
  Scheduled Task (1), T1053

Privilege Escalation
  Scheduled Task (1), T1053

Discovery
  Query Registry (1), T1012
  System Information Discovery (2), T1082