Overview

overview

10

Static

static

SecuriteIn...07.exe

windows7-x64

10

SecuriteIn...07.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SecuriteInfo.com.Win32.CrypterX-gen.24274.13707.exe

  • Size

    885KB

  • Sample

    221129-p2b1hsaf25

  • MD5

    630ffd21c1de8a583a4e1627b8ac6534

  • SHA1

    7cdb7d33a07326fa3b2699bb7308889a0920541a

  • SHA256

    02b628dcbfaa0cad2ccde62b1cfb16425a8d40b4cad9de200569ce1b84981612

  • SHA512

    9ee857113df144f0fed19c1c831cf4731b866e8b5a92417b11c445d2cb9a374c430a6c2fc4a7318bd01a0fdc756132d7f4895f0798a3fdf194ac3b223f10cd68

  • SSDEEP

    24576:hIVD2ISXOaDU11ecODssqm/6rw5Roa/W9DdEPf:ha2RXOKcLsq46s5RoafP

Score
10/10
formbookf9r5ratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

f9r5

Decoy

teknotimur.com

zuliboo.com

remmingtoncampbell.com

vehicletitleloansphoenix.com

sen-computer.com

98731.biz

shelikesblu.com

canis-totem.com

metaversemedianetwork.com

adsdu.com

vanishmediasystems.com

astewaykebede.com

wszhongxue.com

gacha-animator-free.com

papatyadekorasyon.com

mqc168.top

simplebrilliantsolutions.com

jubileehawkesprairie.com

ridflab.com

conboysfilm.com

Targets

    • Target

      SecuriteInfo.com.Win32.CrypterX-gen.24274.13707.exe

    • Size

      885KB

    • MD5

      630ffd21c1de8a583a4e1627b8ac6534

    • SHA1

      7cdb7d33a07326fa3b2699bb7308889a0920541a

    • SHA256

      02b628dcbfaa0cad2ccde62b1cfb16425a8d40b4cad9de200569ce1b84981612

    • SHA512

      9ee857113df144f0fed19c1c831cf4731b866e8b5a92417b11c445d2cb9a374c430a6c2fc4a7318bd01a0fdc756132d7f4895f0798a3fdf194ac3b223f10cd68

    • SSDEEP

      24576:hIVD2ISXOaDU11ecODssqm/6rw5Roa/W9DdEPf:ha2RXOKcLsq46s5RoafP

    Score
    10/10
    formbookf9r5ratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook payload

      rat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks