Overview

overview

10

Static

static

SecuriteIn...40.exe

windows7-x64

10

SecuriteIn...40.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SecuriteInfo.com.Trojan.Siggen19.18804.23332.14940.exe

  • Size

    740KB

  • Sample

    221206-t1ykcadh47

  • MD5

    a33d9b8d1cf40a7d3bd2601917276ed4

  • SHA1

    4fcf9b739705cdc9dd1643c152df2a1db4ae2e48

  • SHA256

    ddec6968806b89640eed8ad10d3f33e1cdf0c5a9f596e128d9f3fbcecfad5fbd

  • SHA512

    0d8870bfcee2d68eff506ae507f9e20b25dc9ec4eb54d8212dc8743a8e443b26cded51e9e845777d2f124d86ca26495694553e05872a6668fdd2dff634cd4892

  • SSDEEP

    12288:kwl+momPZefiPtqvyu1JtnN8t2iZX65arc2+dTbt1NbXBFHWf0Tg90/G:romxiiQF1fN88iZX65S+t1NzBRWeaoG

Score
10/10
formbookoi05ratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

oi05

Decoy

fluidavail.online

blchain.tech

kyocera.website

sangmine.xyz

thepolicyjacket.info

ssvhelpman.net

y-t-design.com

eminentabroad.com

codingcamp.store

bester.capital

tanjiya23.site

bheniamyn.dev

top5monitor.com

bit-prim.trade

airstreamsocialclub.com

darkwarspod.com

zazisalesdistribution.com

vivolentlo.online

daftburo.net

elemangelsin.xyz

Targets

    • Target

      SecuriteInfo.com.Trojan.Siggen19.18804.23332.14940.exe

    • Size

      740KB

    • MD5

      a33d9b8d1cf40a7d3bd2601917276ed4

    • SHA1

      4fcf9b739705cdc9dd1643c152df2a1db4ae2e48

    • SHA256

      ddec6968806b89640eed8ad10d3f33e1cdf0c5a9f596e128d9f3fbcecfad5fbd

    • SHA512

      0d8870bfcee2d68eff506ae507f9e20b25dc9ec4eb54d8212dc8743a8e443b26cded51e9e845777d2f124d86ca26495694553e05872a6668fdd2dff634cd4892

    • SSDEEP

      12288:kwl+momPZefiPtqvyu1JtnN8t2iZX65arc2+dTbt1NbXBFHWf0Tg90/G:romxiiQF1fN88iZX65S+t1NzBRWeaoG

    Score
    10/10
    formbookoi05ratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook payload

      rat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks