General

  • Target

    SecuriteInfo.com.Win64.TrojanX-gen.12769.19216.exe

  • Size

    444KB

  • Sample

    221124-cy53zabf38

  • MD5

    cd2f268903f9f40e2daa1c867cd814e9

  • SHA1

    a84269aef1bbe3ee773501514676031f85bca7cd

  • SHA256

    cacae6414253adb53f45fdde77f42642cd773f2eb6061c2dbc9a2abbf095b90a

  • SHA512

    3ae4370a20b099e322308bee9476d94cfbe97110ebc6d3fe805fef83c6d90ece17b1d4cdde5d9409a7dd24cd75b7773725aa331359b4fd6f777a0d75ae03fa91

  • SSDEEP

    12288:RP37aKSQW3KDZ8Wi5jWGvJdUIM/assGkwFPB7OIgcA9KqFl:J7aKS7n5/pBzLoPB7OrcWLj
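The four hashes above are the identifiers a responder matches suspect files against. As an added example, not part of this report, the following helper digests a file or byte string with the same algorithms and compares the result with the values listed here, first checking that the IOC list itself is well-formed (a truncated or mistyped digest would otherwise silently never match). The file path and the byte strings used in the examples are assumptions; the report's own hashes are the only real data.

```python
import hashlib

# Hashes exactly as listed in the report above, keyed by hashlib algorithm name.
REPORT_HASHES = {
    "md5": "cd2f268903f9f40e2daa1c867cd814e9",
    "sha1": "a84269aef1bbe3ee773501514676031f85bca7cd",
    "sha256": "cacae6414253adb53f45fdde77f42642cd773f2eb6061c2dbc9a2abbf095b90a",
    "sha512": ("3ae4370a20b099e322308bee9476d94cfbe97110ebc6d3fe805fef83c6d90ece"
               "17b1d4cdde5d9409a7dd24cd75b7773725aa331359b4fd6f777a0d75ae03fa91"),
}

# Expected hex-digest lengths, used to catch truncated or mistyped IOCs.
DIGEST_HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def validate_iocs(iocs):
    """Return the names of IOC entries that are not well-formed hex digests."""
    bad = []
    for name, value in iocs.items():
        expected = DIGEST_HEX_LEN.get(name)
        try:
            int(value, 16)
            hex_ok = True
        except ValueError:
            hex_ok = False
        if expected is None or len(value) != expected or not hex_ok:
            bad.append(name)
    return bad


def hash_bytes(data):
    """Digest an in-memory blob with every algorithm the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def hash_file(path, chunk_size=1 << 20):
    """Digest a file on disk in one streaming pass so large samples fit in memory."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_iocs(digests, iocs=REPORT_HASHES):
    """Compare computed digests with the report's values, case-insensitively.

    Returns {algorithm: matched}. A file that matches on one algorithm but not
    another points at a corrupted IOC list, not at a collision.
    """
    return {name: digests.get(name, "").lower() == value.lower()
            for name, value in iocs.items()}


if __name__ == "__main__":
    import sys
    # Usage (assumed path): python check_hashes.py suspect.exe
    for path in sys.argv[1:]:
        result = match_iocs(hash_file(path))
        verdict = "MATCH" if all(result.values()) else "no match"
        print(f"{path}: {verdict} {result}")
```

Hash matching only identifies this exact build; a repacked Formbook drop will miss on all four algorithms, which is what the SSDEEP value and the behavioural signatures further down are for.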

Malware Config

Extracted

  • Family

    formbook

  • Campaign

    t5ez

  • Decoy

    v+YaDdg/udazyV4Iyw==
    MXDNPIhw1/8BP0Ud2fguBRZ/8nF6wQ==
    WsTRjsGfK1Wt+wjFRn9mBQ==
    TrAv42rPyfBfhpI=
    2FrznhJCG6bpCgm9+n/Xq0cr
    phy0dqeRgaeZzcuciHGgrkeVQw==
    DIYHd2O24QEB
    wVbxr0eqbQZMc4xwQF1W3NdmR2Xc
    ncsN3VitpSp18jvXswKeJeQKA1DW
    n/FT0RVVULr7fMV0Ykb8ztU=
    OET6wvfsbaGp6O2/Rn9mBQ==
    2Rb8gNoGR5GEwAeUhcs=
    wR8Fc7imd8/3cQeUhcs=
    rMZ/VOtX0kR/yV4Iyw==
    9YIUqO7RR4iL5Cffi994
    03AHmeAX+2F85Cnfi994
    9QbOseAK0/c4SGJW
    S1EDywDiYofETA==
    ivZm1wDWR2hgAEFURn9mBQ==
    D2pe4DygKUJKoLidIuwJo4PiKGhyZLPc

    The decoy values are reproduced as the config extractor emitted them (base64 text). Formbook sends requests to a set of decoy domains alongside its real C2 so that the real server does not stand out in a network capture; the real C2 is not listed in this extraction.

Targets

    • Target

      SecuriteInfo.com.Win64.TrojanX-gen.12769.19216.exe

    • Size

      444KB

    • MD5

      cd2f268903f9f40e2daa1c867cd814e9

    • SHA1

      a84269aef1bbe3ee773501514676031f85bca7cd

    • SHA256

      cacae6414253adb53f45fdde77f42642cd773f2eb6061c2dbc9a2abbf095b90a

    • SHA512

      3ae4370a20b099e322308bee9476d94cfbe97110ebc6d3fe805fef83c6d90ece17b1d4cdde5d9409a7dd24cd75b7773725aa331359b4fd6f777a0d75ae03fa91

    • SSDEEP

      12288:RP37aKSQW3KDZ8Wi5jWGvJdUIM/assGkwFPB7OIgcA9KqFl:J7aKS7n5/pBzLoPB7OrcWLj

    • Formbook

      Formbook is an infostealer. It hooks applications to capture submitted form data and keystrokes, reads saved credentials from browsers and mail clients, can take screenshots and read the clipboard, and exfiltrates what it collects to its command-and-control server.

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Browser profile directories hold saved credentials, cookies and autofill data (for example Chromium's Login Data and Firefox's logins.json), which is why infostealers read them.

    • Suspicious use of SetThreadContext
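The last two signatures above (browser profile reads and SetThreadContext) are behaviours a responder would want to find in an API trace rather than trust a sandbox verdict for. The following is an added example, not part of this report and not any sandbox's own signature logic. It parses a constructed, deliberately simplified API-call trace and flags (a) a process-hollowing chain, where a child created suspended is written to and then has its thread context replaced, which is the pattern behind the "Suspicious use of SetThreadContext" signature, and (b) opens of well-known browser credential stores. The pid|api|args format, the resolution of process handles to a "pid=" argument, and every event in the sample trace are assumptions made for the example. A SetThreadContext on a process's own thread, as debuggers and exception handlers do, is deliberately not flagged.

```python
import re

CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit that starts the child suspended

# After a suspended create, this sequence (other calls may sit between) completes
# a hollowing chain. ResumeThread usually follows but is not required for the hit.
HOLLOW_SEQUENCE = ("WriteProcessMemory", "SetThreadContext")

# Well-known browser credential/cookie stores, matched on the file name.
CREDENTIAL_STORES = re.compile(
    r"\\(Login Data|Web Data|Cookies|logins\.json|key4\.db|signons\.sqlite)$",
    re.IGNORECASE,
)

FILE_OPEN_APIS = {"NtCreateFile", "NtOpenFile", "CreateFileW", "CreateFileA"}

# Constructed sample trace (assumption: not from the page's sandbox run).
# Format: pid|api|key=value,...  The "pid=" argument on cross-process calls is a
# simplification standing in for a process handle resolved to its target.
SAMPLE_TRACE = r"""
1234|CreateProcessW|path=C:\Windows\SysWOW64\svchost.exe,flags=0x4,pid=2222
1234|NtUnmapViewOfSection|pid=2222
1234|VirtualAllocEx|pid=2222,size=0x6f000,protect=0x40
1234|WriteProcessMemory|pid=2222,size=0x6f000
1234|SetThreadContext|pid=2222,thread=0x1f8
1234|ResumeThread|pid=2222,thread=0x1f8
2222|NtCreateFile|path=C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
2222|NtCreateFile|path=C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\x.default\logins.json
9999|NtCreateFile|path=C:\Users\user\Documents\notes.txt
9999|SetThreadContext|pid=9999,thread=0x2a0
"""


def parse_trace(text):
    """Turn the pipe-delimited trace into a list of {pid, api, args} events."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split("|", 2)
        args = parts[2] if len(parts) > 2 else ""
        kv = dict(item.split("=", 1) for item in args.split(",") if "=" in item)
        events.append({"pid": int(parts[0]), "api": parts[1], "args": kv})
    return events


def detect_hollowing(events):
    """Return (source_pid, target_pid) pairs where a suspended child is written to
    and then has its thread context replaced. Same-process SetThreadContext is
    ignored: debuggers and exception handlers do that legitimately."""
    stage = {}   # (src, target) -> how far along HOLLOW_SEQUENCE the pair is
    hits = []
    for ev in events:
        target = ev["args"].get("pid")
        if target is None:
            continue
        key = (ev["pid"], int(target))
        if ev["api"].startswith("CreateProcess"):
            flags = int(ev["args"].get("flags", "0"), 0)
            if flags & CREATE_SUSPENDED and key[0] != key[1]:
                stage[key] = 0
        elif key in stage and stage[key] < len(HOLLOW_SEQUENCE):
            if ev["api"] == HOLLOW_SEQUENCE[stage[key]]:
                stage[key] += 1
                if stage[key] == len(HOLLOW_SEQUENCE):
                    hits.append(key)
    return hits


def detect_browser_credential_reads(events):
    """Return (pid, path) for every open of a known browser credential store."""
    return [
        (ev["pid"], ev["args"]["path"])
        for ev in events
        if ev["api"] in FILE_OPEN_APIS
        and "path" in ev["args"]
        and CREDENTIAL_STORES.search(ev["args"]["path"])
    ]


def triage(text):
    """Run both detectors over a trace and return their findings."""
    events = parse_trace(text)
    return {
        "process_hollowing": detect_hollowing(events),
        "browser_credential_reads": detect_browser_credential_reads(events),
    }


if __name__ == "__main__":
    for name, findings in triage(SAMPLE_TRACE).items():
        print(name)
        for finding in findings:
            print("   ", finding)
```

The hollowing detector keys on the ordered pair of creator and target so that a CreateProcess with CREATE_SUSPENDED alone (installers and debuggers do this) never fires; only the write into the suspended child followed by SetThreadContext against it does. In the sample, the hollowed svchost.exe child (2222) is then the process that opens the Chrome and Firefox credential stores, which is the chain of behaviour the two signatures above describe.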

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic              Technique                      ID      Count
  Defense Evasion     Modify Registry                T1112   1
  Credential Access   Credentials in Files           T1081   1
  Discovery           System Information Discovery   T1082   1
  Collection          Data from Local System         T1005   1

The IDs follow ATT&CK v6, the version this report was generated against. In current ATT&CK, T1081 has been folded into T1552.001 (Unsecured Credentials: Credentials In Files); the other three IDs are unchanged.
