Overview

overview

10

Static

static

SecuriteIn...51.exe

windows7-x64

10

SecuriteIn...51.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SecuriteInfo.com.Trojan.PackedNET.1681.13901.8451.exe

  • Size

    947KB

  • Sample

    221123-xdgvvsef69

  • MD5

    0f56bac1a380f84eb814ec7730b472f1

  • SHA1

    689c412c479bb2d1f4aaad821e6be5a2f1ca94ba

  • SHA256

    ec97b2959f4dc8a687cf3b573c50bd1eccb24c756e2070be312f9fc4136f067e

  • SHA512

    fed7c160c0c83b1a6ac38ed5dec5b8f5997ba4c0f7b8b74e02df160047a102a8b4c58ffecb80e4bbba570c70279d9c258adc0ff60fed71888b6c3d5dddf63e72

  • SSDEEP

    24576:oM+L74mBfNUstzom3r8JNJ5wNGX/LhtW12kNnqlxn7K9x/kF0nCdbJ2McWt:8IPAGdtwNnqlxn294jJBv

Score
10/10
formbookoi05ratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

oi05

Decoy

fluidavail.online

blchain.tech

kyocera.website

sangmine.xyz

thepolicyjacket.info

ssvhelpman.net

y-t-design.com

eminentabroad.com

codingcamp.store

bester.capital

tanjiya23.site

bheniamyn.dev

top5monitor.com

bit-prim.trade

airstreamsocialclub.com

darkwarspod.com

zazisalesdistribution.com

vivolentlo.online

daftburo.net

elemangelsin.xyz

Targets

    • Target

      SecuriteInfo.com.Trojan.PackedNET.1681.13901.8451.exe

    • Size

      947KB

    • MD5

      0f56bac1a380f84eb814ec7730b472f1

    • SHA1

      689c412c479bb2d1f4aaad821e6be5a2f1ca94ba

    • SHA256

      ec97b2959f4dc8a687cf3b573c50bd1eccb24c756e2070be312f9fc4136f067e

    • SHA512

      fed7c160c0c83b1a6ac38ed5dec5b8f5997ba4c0f7b8b74e02df160047a102a8b4c58ffecb80e4bbba570c70279d9c258adc0ff60fed71888b6c3d5dddf63e72

    • SSDEEP

      24576:oM+L74mBfNUstzom3r8JNJ5wNGX/LhtW12kNnqlxn7K9x/kF0nCdbJ2McWt:8IPAGdtwNnqlxn294jJBv

    Score
    10/10
    formbookoi05ratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook payload

      rat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks