Overview

overview

10

Static

static

SecuriteIn...23.exe

windows7-x64

10

SecuriteIn...23.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SecuriteInfo.com.Win32.PWSX-gen.7158.12123.exe

  • Size

    660KB

  • Sample

    221205-pz7dmseg4v

  • MD5

    4456d023908ebca5034b01ae809d6e62

  • SHA1

    99272ab4f217276228ab68eaae72abfc4242a746

  • SHA256

    11990c08ba3e1eb0f464d9850bb76696a89f95c0368e3634488139f25b96bf42

  • SHA512

    ecde1fb31000b7ef0cf02e995106d236c3aa23e6821da106f69f9bd22744184a53fa1b5671770a5bfb1e2137d4bb0d7581ad664685dde0b8ead994c168dc40ad

  • SSDEEP

    12288:6PuYd+V6b1momPZefeKrsUTkx8S0VP+P1ATnVsgIu3fV6Tx0TBf+v0PuYd+V6b:6PuYd+V6bIomxieMwx8ZBT2/0cxWBf+y

Score
10/10
formbookf9r5ratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

f9r5

Decoy

teknotimur.com

zuliboo.com

remmingtoncampbell.com

vehicletitleloansphoenix.com

sen-computer.com

98731.biz

shelikesblu.com

canis-totem.com

metaversemedianetwork.com

adsdu.com

vanishmediasystems.com

astewaykebede.com

wszhongxue.com

gacha-animator-free.com

papatyadekorasyon.com

mqc168.top

simplebrilliantsolutions.com

jubileehawkesprairie.com

ridflab.com

conboysfilm.com

Targets

    • Target

      SecuriteInfo.com.Win32.PWSX-gen.7158.12123.exe

    • Size

      660KB

    • MD5

      4456d023908ebca5034b01ae809d6e62

    • SHA1

      99272ab4f217276228ab68eaae72abfc4242a746

    • SHA256

      11990c08ba3e1eb0f464d9850bb76696a89f95c0368e3634488139f25b96bf42

    • SHA512

      ecde1fb31000b7ef0cf02e995106d236c3aa23e6821da106f69f9bd22744184a53fa1b5671770a5bfb1e2137d4bb0d7581ad664685dde0b8ead994c168dc40ad

    • SSDEEP

      12288:6PuYd+V6b1momPZefeKrsUTkx8S0VP+P1ATnVsgIu3fV6Tx0TBf+v0PuYd+V6b:6PuYd+V6bIomxieMwx8ZBT2/0cxWBf+y

    Score
    10/10
    formbookf9r5ratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook payload

      rat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks