General

  • Target

    SecuriteInfo.com.Variant.Jaik.77520.20069.28067

  • Size

    332KB

  • Sample

    221209-bwkhtaeh8z

  • MD5

    a3bd608d019d827e4eee68f67f39a444

  • SHA1

    6e9874bac7b065a42110cef5c1b060de94123b2d

  • SHA256

    2af0bbe87c28664ad5b453eae02d512f770962319673b9c494d85b717a6f9edf

  • SHA512

    6b73f10a981a23c9ba0fee05d24b77b15220716172e8b48dc7d2e409e774e6fafbcdced2d5832a21f5863c38f51d553a51e1ad5ae15f7aae5d824366f2a289d8

  • SSDEEP

    6144:9kwmZ6RfPyO6qBUnqk5yx+9JjOGNE1STKB7xUbGpn9C+xv0/159Xmj2pO6GInyw:qZ6RfPyO6ZqN7GNsTVxBp9PdK5XmK5p

Malware Config

Extracted

  • Family

    formbook

  • Campaign

    k6n9

  • Decoy

    NzUYPBPnE+UWNJX0b/5zZQ==
    ZcsDmdfNeiREr4loZ9k=
    p4Pecr+pmTFp+Az4AGoSpvqp
    4jwUP0ApYThdpDmZcNp+xuej
    0tmQjRQKSQbR0N86
    MgfR+qwWljDdagbsn8Ukr8bc8A==
    shQ3YCpOQPp/9g==
    Q4mmwEidJLBJug25c6Vxcg==
    OM1kEJDdGNpv7nMy
    7FmP1iykTQZ7q0Hq5g==
    9lVGWV44H63+A5oGc6Vxcg==
    Bs97fiCGUye5Osm9xsOYZnb8SEC+YszE
    xJMBmQj3MRDV7MBXzEep
    mJpebAH7RkkGGbsZwZ/weg==
    u6FXU+JCphyVyCsUBP0Spvqp
    B/mwulPBDRm5q0Hq5g==
    E+JiHcUb7gR+8A==
    BgGOL5SLfQ9BzuPDxzeVKEIuOKDL
    wZdfmzTbOcnEF3Mi1QnVpPCo
    J63Z+Jv5L+JOhd+zc6Vxcg==
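
The config block above is flat text, and the Decoy entries are base64 strings whose decoded bytes are ciphertext, not domain names. The following is an added example (not sandbox tooling and not code from the malware author) that parses a copy of the extracted config into a structured IOC record, strictly base64-decodes each decoy, and then compares equal-length entries for identical trailing bytes. Several entries here end in the same base64 characters at the same offset (for example three of the 24-character entries end in `c6Vxcg==`); identical ciphertext tails at identical positions are what a fixed-keystream XOR or stream-cipher scheme produces when the plaintexts share a tail such as a TLD. That is a heuristic hint for the analyst about how the list was encrypted, not a decryption; nothing here recovers the domains. The `CONFIG_TEXT`, function names and the `shared_tails` heuristic are this example's own.

```python
"""Parse the extracted Formbook config shown above into an IOC record.

Added example for this page; not the sandbox's or the malware author's code.
Decoys are only base64-decoded (to ciphertext), never decrypted.
"""
import base64
import binascii
import json
from collections import defaultdict

# Copy of the "Malware Config" block from this report (family, campaign, decoys).
CONFIG_TEXT = """\
Family
formbook
Campaign
k6n9
Decoy
NzUYPBPnE+UWNJX0b/5zZQ==
ZcsDmdfNeiREr4loZ9k=
p4Pecr+pmTFp+Az4AGoSpvqp
4jwUP0ApYThdpDmZcNp+xuej
0tmQjRQKSQbR0N86
MgfR+qwWljDdagbsn8Ukr8bc8A==
shQ3YCpOQPp/9g==
Q4mmwEidJLBJug25c6Vxcg==
OM1kEJDdGNpv7nMy
7FmP1iykTQZ7q0Hq5g==
9lVGWV44H63+A5oGc6Vxcg==
Bs97fiCGUye5Osm9xsOYZnb8SEC+YszE
xJMBmQj3MRDV7MBXzEep
mJpebAH7RkkGGbsZwZ/weg==
u6FXU+JCphyVyCsUBP0Spvqp
B/mwulPBDRm5q0Hq5g==
E+JiHcUb7gR+8A==
BgGOL5SLfQ9BzuPDxzeVKEIuOKDL
wZdfmzTbOcnEF3Mi1QnVpPCo
J63Z+Jv5L+JOhd+zc6Vxcg==
"""

SECTION_KEYS = {"Family", "Campaign", "Decoy"}


def parse_config(text):
    """Turn the flat 'Key / value / value...' listing into a dict.
    Every non-key line is attributed to the most recent key seen."""
    sections = {k: [] for k in SECTION_KEYS}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line in SECTION_KEYS:
            current = line
            continue
        if current is None:
            raise ValueError(f"value before any section key: {line!r}")
        sections[current].append(line)
    return {
        "family": sections["Family"][0] if sections["Family"] else None,
        "campaign": sections["Campaign"][0] if sections["Campaign"] else None,
        "decoys": sections["Decoy"],
    }


def decode_decoys(decoys):
    """Strict base64 decode (alphabet and padding checked); raises on a malformed entry."""
    blobs = []
    for d in decoys:
        try:
            blobs.append(base64.b64decode(d, validate=True))
        except binascii.Error as exc:
            raise ValueError(f"decoy {d!r} is not valid base64: {exc}") from exc
    return blobs


def common_suffix_len(a, b):
    """Number of trailing bytes shared by a and b."""
    n = 0
    while n < min(len(a), len(b)) and a[-1 - n] == b[-1 - n]:
        n += 1
    return n


def shared_tails(blobs, min_len=3):
    """Pairs of equal-length blobs ending in the same >= min_len bytes.
    Returns {(i, j): suffix_len} with i < j indexing into blobs. Equal length
    matters: under a fixed keystream the same offset gets the same key byte."""
    by_len = defaultdict(list)
    for i, b in enumerate(blobs):
        by_len[len(b)].append(i)
    hits = {}
    for idxs in by_len.values():
        for x in range(len(idxs)):
            for y in range(x + 1, len(idxs)):
                i, j = idxs[x], idxs[y]
                n = common_suffix_len(blobs[i], blobs[j])
                if n >= min_len:
                    hits[(i, j)] = n
    return hits


def build_ioc_record(text=CONFIG_TEXT):
    cfg = parse_config(text)
    blobs = decode_decoys(cfg["decoys"])
    cfg["decoy_hex"] = [b.hex() for b in blobs]
    cfg["decoy_lengths"] = [len(b) for b in blobs]
    cfg["shared_tails"] = {f"{i},{j}": n for (i, j), n in shared_tails(blobs).items()}
    return cfg


DECOY_BLOBS = decode_decoys(parse_config(CONFIG_TEXT)["decoys"])

if __name__ == "__main__":
    print(json.dumps(build_ioc_record(), indent=2))
```

Running it prints the record as JSON; the `shared_tails` map lists the index pairs that end in identical bytes, which is where an analyst would start when trying to recover the cipher from a known plaintext suffix.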

Targets

    • Target

      SecuriteInfo.com.Variant.Jaik.77520.20069.28067

    • Formbook

      Formbook is an information stealer: it logs keystrokes, captures clipboard and web-form data, harvests stored credentials from browsers and mail clients, and takes screenshots. It contacts a list of decoy domains alongside its real C2 to mask which one is live, which is what the Decoy entries in the extracted config are.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence so the sample does not run in excluded regions.

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
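
Two of the signatures above translate directly into detection logic over an API-call trace. The block below is an added example (not the sandbox's own signature code) that runs two detectors over a constructed trace, one JSON object per call, with handles already resolved to the target pid/tid. It assumes the "Checks computer location settings" signature corresponds to reading the Nation value under HKCU\Control Panel\International\Geo (the usual key for a country check), and that "Suspicious use of SetThreadContext" corresponds to the process-hollowing sequence CreateProcess(CREATE_SUSPENDED) -> WriteProcessMemory -> SetThreadContext -> ResumeThread, i.e. Process Injection (T1055). The trace lines, pids and function names are this example's own; a parent that merely creates and resumes a suspended child (as a debugger would) is included to show the sequence check does not fire on that alone.

```python
"""Detection logic for two signatures from this report, over a constructed trace.

Added example for this page; not the sandbox's signature code. The registry
key and the hollowing call sequence are the assumptions stated in the lead-in.
"""
import json

CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit for CreateProcess

# Constructed trace (made up for this example) in the shape a user-mode API
# monitor might emit. pid is the caller; hProcess/hThread are already resolved
# to the target process/thread id rather than raw handle values.
TRACE = r"""
{"ts": 1, "pid": 1100, "api": "RegOpenKeyExW", "args": {"hKey": "HKEY_CURRENT_USER", "lpSubKey": "Control Panel\\International\\Geo"}}
{"ts": 2, "pid": 1100, "api": "RegQueryValueExW", "args": {"key": "HKCU\\Control Panel\\International\\Geo", "lpValueName": "Nation"}}
{"ts": 3, "pid": 1100, "api": "CreateProcessW", "args": {"lpApplicationName": "C:\\Windows\\System32\\svchost.exe", "dwCreationFlags": 4}, "ret": {"dwProcessId": 2200, "dwThreadId": 2204}}
{"ts": 4, "pid": 1100, "api": "WriteProcessMemory", "args": {"hProcess": 2200, "lpBaseAddress": "0x400000", "nSize": 339968}}
{"ts": 5, "pid": 1100, "api": "SetThreadContext", "args": {"hThread": 2204, "Eip": "0x40a000"}}
{"ts": 6, "pid": 1100, "api": "ResumeThread", "args": {"hThread": 2204}}
{"ts": 7, "pid": 3300, "api": "CreateProcessW", "args": {"lpApplicationName": "C:\\Windows\\System32\\notepad.exe", "dwCreationFlags": 4}, "ret": {"dwProcessId": 3400, "dwThreadId": 3404}}
{"ts": 8, "pid": 3300, "api": "ResumeThread", "args": {"hThread": 3404}}
{"ts": 9, "pid": 3300, "api": "RegQueryValueExW", "args": {"key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run", "lpValueName": "Nation"}}
"""


def load_trace(text):
    """One JSON object per non-empty line."""
    return [json.loads(line) for line in text.strip().splitlines() if line.strip()]


def detect_hollowing(events):
    """Return [(parent_pid, child_pid)] for every child created suspended that the
    same parent then wrote into, re-pointed a thread of via SetThreadContext, and
    resumed. Order is enforced: write before context change before resume."""
    pending = {}       # child pid -> {"parent", "written", "ctx"}
    tid_to_child = {}  # primary thread id -> child pid
    findings = []
    for ev in events:
        api, pid, args = ev["api"], ev["pid"], ev.get("args", {})
        if api.startswith("CreateProcess") and args.get("dwCreationFlags", 0) & CREATE_SUSPENDED:
            ret = ev.get("ret", {})
            child, tid = ret.get("dwProcessId"), ret.get("dwThreadId")
            if child is not None:
                pending[child] = {"parent": pid, "written": False, "ctx": False}
                tid_to_child[tid] = child
        elif api == "WriteProcessMemory":
            st = pending.get(args.get("hProcess"))
            if st and st["parent"] == pid:
                st["written"] = True
        elif api == "SetThreadContext":
            st = pending.get(tid_to_child.get(args.get("hThread")))
            if st and st["parent"] == pid and st["written"]:
                st["ctx"] = True
        elif api == "ResumeThread":
            child = tid_to_child.get(args.get("hThread"))
            st = pending.get(child)
            if st and st["parent"] == pid:
                if st["written"] and st["ctx"]:
                    findings.append((pid, child))
                del pending[child]  # resumed: either flagged or benign, stop tracking
    return findings


def detect_geo_lookup(events):
    """Return pids that queried the Nation value under Control Panel\\International\\Geo."""
    hits = []
    for ev in events:
        if not ev["api"].startswith("RegQueryValueEx"):
            continue
        args = ev.get("args", {})
        key = args.get("key", "").replace("/", "\\").lower()
        value = args.get("lpValueName", "").lower()
        if key.endswith("control panel\\international\\geo") and value == "nation":
            if ev["pid"] not in hits:
                hits.append(ev["pid"])
    return hits


EVENTS = load_trace(TRACE)

if __name__ == "__main__":
    print("hollowing:", detect_hollowing(EVENTS))
    print("geo lookup:", detect_geo_lookup(EVENTS))
```

The geo detector matches on the key path and value name rather than on the bare API, so a Nation value under some other key (as in the last trace line) is ignored; the hollowing detector keys its state on the suspended child and requires the same parent to perform every step.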

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic             Technique                      ID      Count
  Execution          Command-Line Interface         T1059   1
  Defense Evasion    Modify Registry                T1112   1
  Discovery          Query Registry                 T1012   1
  Discovery          System Information Discovery   T1082   3
