Overview

overview

10

Static

static

3

MajorRevision.exe

windows7-x64

10

MajorRevision.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9291d9163cab80c9242879edc953e682.bin

  • Size

    263KB

  • Sample

    230517-bpv1zacd3s

  • MD5

    ad3267af3cab9b3d03cee7406ae9cfb4

  • SHA1

    bbad33899fdbda907b51656f8d6917191b7084c3

  • SHA256

    6b25163b440dd83a1bff2789bd9f2f1631c37c5b80fbff10b909edc364c69ec2

  • SHA512

    b7866dfa4afa6b915aead15d89f6f9d3e37857c1a2543cd138332664ee1cc711502c85261fec021018aac30d51b00208295ca4006f54b812820d928baa53dca3

  • SSDEEP

    6144:frhaF6w0ymG0mXub2t7inIWHkYIBumjiO6kgDT0hhP:frwF90yLXub67qHkYQI38P

Score
10/10
formbookm82ratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

m82

Decoy

jamesdevereux.com

artificialturfminneapolis.com

hongmeiyan.com

lojaderoupasbr.com

yit.africa

austinrelocationexpert.com

saiva.page

exitsategy.com

chochonux.com

klosterbraeu-unterliezheim.com

byseymanur.com

sblwarwickshire.co.uk

brazimaid.com

ciogame.com

bronzesailing.com

dwkapl.xyz

022dyd.com

compassandpathwriting.com

alphabet1x.com

selfcleaninghairbrush.co.uk

Targets

    • Target

      MajorRevision.exe

    • Size

      348KB

    • MD5

      93b2754b3afa34b828cb071f036a8d31

    • SHA1

      db5fe2d1ac4bebb309b76dfa01dd6024152d8963

    • SHA256

      42dc8c1b59e676d065485a22fb11939ad1eac5114d0aba1e841cc404ebc08305

    • SHA512

      627109227413f4caa4390a203a6cac2a526656f7a7cd2bb8dbafc6ede6f6af4f7646a19c67a30568374e331c2671286244482c9d44416069997838876bae4db4

    • SSDEEP

      6144:AKWU8NrrXs+WsHmwZTbiDXRGgXn7jto/miDSEMZGlEjqZSHeQbn:AU8pIdxn7jevD1XM

    Score
    10/10
    formbookm82ratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook payload

      rat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Command-Line Interface

1
T1059

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

4
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks