Overview

overview

10

Static

static

SecuriteIn...25.exe

windows7-x64

3

SecuriteIn...25.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SecuriteInfo.com.Win32.PWSX-gen.16696.22525.exe

  • Size

    830KB

  • Sample

    221206-e3netscd7w

  • MD5

    117d8fe530f41f5eb068b27480377234

  • SHA1

    c61eb8e55dbaa0aaacddec463b39d6ef00cc3566

  • SHA256

    0ce95ed2a26eb4e5f38cd27cbcac2065b3e6a71a26cdc24f56946dd0428f88be

  • SHA512

    41a273e191f66b22cc3b86115b867df8fdf2721c5d5ffa3c4ec73f1bf91c5eb575ffecbf0ddd6fa5de817b4d63eb7f788a49e284780e04f14b8788b02486625f

  • SSDEEP

    12288:Bc6sfZ344iymiLkOPQJzCcAipT+oXuKDz7AWPz5jjmahgKZ/nXt7virmWhlGLaQ1:S6sfe4iymiNPm2cepKDz7vPl

Score
10/10
formbookf9r5ratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

f9r5

Decoy

teknotimur.com

zuliboo.com

remmingtoncampbell.com

vehicletitleloansphoenix.com

sen-computer.com

98731.biz

shelikesblu.com

canis-totem.com

metaversemedianetwork.com

adsdu.com

vanishmediasystems.com

astewaykebede.com

wszhongxue.com

gacha-animator-free.com

papatyadekorasyon.com

mqc168.top

simplebrilliantsolutions.com

jubileehawkesprairie.com

ridflab.com

conboysfilm.com

Targets

    • Target

      SecuriteInfo.com.Win32.PWSX-gen.16696.22525.exe

    • Size

      830KB

    • MD5

      117d8fe530f41f5eb068b27480377234

    • SHA1

      c61eb8e55dbaa0aaacddec463b39d6ef00cc3566

    • SHA256

      0ce95ed2a26eb4e5f38cd27cbcac2065b3e6a71a26cdc24f56946dd0428f88be

    • SHA512

      41a273e191f66b22cc3b86115b867df8fdf2721c5d5ffa3c4ec73f1bf91c5eb575ffecbf0ddd6fa5de817b4d63eb7f788a49e284780e04f14b8788b02486625f

    • SSDEEP

      12288:Bc6sfZ344iymiLkOPQJzCcAipT+oXuKDz7AWPz5jjmahgKZ/nXt7virmWhlGLaQ1:S6sfe4iymiNPm2cepKDz7vPl

    Score
    10/10
    formbookf9r5ratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook payload

      rat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks