General

  • Target

    SecuriteInfo.com.Trojan.DownloaderNET.345.13381.27886.exe

  • Size

    673KB

  • Sample

    221205-cykr2agf37

  • MD5

    e7ac037813e0f4fa8d32974a542a2d08

  • SHA1

    093356469b8932c6168e43d427127d7ed5b56af4

  • SHA256

    1734985df87235e747cf465d2d8d192f609275a7193a723764c8654b47357083

  • SHA512

    e0fe51b1c332d763318cfcb486280d6c7af34486d01dbec9b8b994bf7a69270194ad243299f01788f5781ae5fbe99575dc89bd126d90abac27c186efee14ee33

  • SSDEEP

    12288:xZNfbYhbXbqhf/groDmU2md5mq6yCCDEa4RUOyV0eeoWtO6TGhAh:HNfqbXbqhf/ioDmXgmq6yYaAgOeeoWt/

Malware Config

Extracted

Family

formbook

Campaign

ctap

Decoy


Targets

    • Target

      SecuriteInfo.com.Trojan.DownloaderNET.345.13381.27886.exe


    • Formbook

      Formbook is an information-stealing malware family.

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other profile information.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry (T1112): 1

  • Credential Access

    Credentials in Files (T1081): 1

  • Discovery

    System Information Discovery (T1082): 1

  • Collection

    Data from Local System (T1005): 1

Tasks