Overview

overview

10

Static

static

SecuriteIn...14.exe

windows7-x64

10

SecuriteIn...14.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SecuriteInfo.com.Win32.PWSX-gen.15814.13814.exe

  • Size

    1.2MB

  • Sample

    221004-k7a8ysadd5

  • MD5

    6aa5f75d805cdd7f85f0d2557baad857

  • SHA1

    6624b51ae972cbe99903c897c9664c72369782f3

  • SHA256

    fe084e5fcd96061325aafd4528aedf59f3385a5c1bbf9daf3337ba1cabf4488f

  • SHA512

    0862f8dcfd782f0ecf30b57c12c00b19b20a5f31665a9bfeaf1263048030e91fdb9fd01af8ef76c35f3121785724ff1151692636d3eb7fbacc22665d2aa116c8

  • SSDEEP

    12288:FftjvJ4/XAISq1kmsoPIPDzRJp5urond09qRdQEQR150nZsLVvhoQtckql6AK4HQ:FSK5JoPIF5DndcSdVa15JRyQt

Score
10/10
formbookxloaderfofgloaderratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Campaign

fofg

Decoy

FHyydxpFBs0S8b4ZlP7ZEtd/

EVaCEKb/cVV9xQ==

U9I5lke0IuU7vj5EXus=

rXD3AKPV3qUblOUsV41KMfU=

PwBSy5z56XNzIvnS3ygsKv0=

CQe1BLbSnGXX

HuhKjxhLhxqBy2FFz8WoFA==

QJymezEoLOFZ1T5EXus=

V8r5PAdwuGK2AUARohas

b1XV06ANH9s5uj5EXus=

3EiEhwo7Euw2tl8=

c2PjK8Izkydy5N8x

CXCkYf0m/qPrv8QajKyT6Oo=

pHjy+Mk0CqvWBXdCz8WoFA==

QjSwr3/j5rAyvz5EXus=

+edxANg/sU+k8YFQz8WoFA==

tWiQq3rqyl6cTAG9pA==

GeAyMQxBUOlDwD5EXus=

nQ5eoT2mEKkhDN2DwBek

JP5dIbHlrXXR8umDwBek

Targets

    • Target

      SecuriteInfo.com.Win32.PWSX-gen.15814.13814.exe

    • Size

      1.2MB

    • MD5

      6aa5f75d805cdd7f85f0d2557baad857

    • SHA1

      6624b51ae972cbe99903c897c9664c72369782f3

    • SHA256

      fe084e5fcd96061325aafd4528aedf59f3385a5c1bbf9daf3337ba1cabf4488f

    • SHA512

      0862f8dcfd782f0ecf30b57c12c00b19b20a5f31665a9bfeaf1263048030e91fdb9fd01af8ef76c35f3121785724ff1151692636d3eb7fbacc22665d2aa116c8

    • SSDEEP

      12288:FftjvJ4/XAISq1kmsoPIPDzRJp5urond09qRdQEQR150nZsLVvhoQtckql6AK4HQ:FSK5JoPIF5DndcSdVa15JRyQt

    Score
    10/10
    formbookxloaderfofgloaderratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • Xloader payload

      rat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks