General

  • Target

    SecuriteInfo.com.Variant.Jaik.107269.23782.2039.exe

  • Size

    270KB

  • Sample

    221207-bv8t1sfb6w

  • MD5

    0ff8e474e408769e00d0a563fd112b6f

  • SHA1

    a2c84573b26a5c8f928a07c642b5bdf01c4c842f

  • SHA256

    91b5a61f0615710ef9ca5fd015e1cbe36b908516c5882463e4bdc694133c0829

  • SHA512

    efa2bd96ef3f480d05cec21e61c77376ab36d75a373d9f3ab2027f782c31c8b957fc1a350119c64a3fcd2d55c65ef6647de03abc5ad0d24cf71e1b4c57490bed

  • SSDEEP

    6144:QBn1o2vrhVpx41JVnhm643WTQWRlq3B3BQjD32nPcPj:gXhVpm1PCE6xQjSW

Malware Config

Extracted

Family

formbook

Campaign

sdq4

Decoy

M/NxSqNc5vEVvfXWWA==

X0Q2HDisLuzoYHfD/mIcqVDnOotmMQ==

rpEiJ3YmytzsKpdRm4BC7C+2Tw==

fm8cTFjP2FWL2pX5CMjb

5ZhWW5wmXtrmLgrzSjT6uhFBjJHnOQ==

x7J40079eC34LH47UXg5nQ==

ZP8X4tob2taHVprY6DY=

a1jaSE2/8CrzM/8SUXg5nQ==

f5NPHDH65GxGSnZkngvT

IgmQAMCztfqJvfXWWA==

g1+wuFVS/tReSfENUXg5nQ==

SivMIukaJaRo0q8C

LQ9gYduaQQzUE5rY6DY=

TwJTqpALLLkbSI8=

uGsh+xbSG/Cg0Eqd1i8=

p1gOxrnIf1QXDg==

6cuOoOaSRhDQEprY6DY=

nIVfX649g7xtvfXWWA==

RiWd3WQpq7DSGJrY6DY=

ESeuyPlUh40hEw==

Targets

    • Target

      SecuriteInfo.com.Variant.Jaik.107269.23782.2039.exe

    • Size

      270KB

    • MD5

      0ff8e474e408769e00d0a563fd112b6f

    • SHA1

      a2c84573b26a5c8f928a07c642b5bdf01c4c842f

    • SHA256

      91b5a61f0615710ef9ca5fd015e1cbe36b908516c5882463e4bdc694133c0829

    • SHA512

      efa2bd96ef3f480d05cec21e61c77376ab36d75a373d9f3ab2027f782c31c8b957fc1a350119c64a3fcd2d55c65ef6647de03abc5ad0d24cf71e1b4c57490bed

    • SSDEEP

      6144:QBn1o2vrhVpx41JVnhm643WTQWRlq3B3BQjD32nPcPj:gXhVpm1PCE6xQjSW

    • Formbook

      Formbook is a data-stealing malware family (infostealer).

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry (T1112): 1

  • Credential Access

    Credentials in Files (T1081): 1

  • Discovery

    Query Registry (T1012): 1

    System Information Discovery (T1082): 2

  • Collection

    Data from Local System (T1005): 1

Tasks