Overview

overview

10

Static

static

QUOTATION ...PY.exe

windows7_x64

10

QUOTATION ...PY.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    QUOTATION PDF_SCAN_COPY.exe

  • Size

    523KB

  • Sample

    220131-llgdhsghfr

  • MD5

    5e9af5b2056e4da639a9459e3b36193c

  • SHA1

    b779402e9a6ecbbef6b68817814991bbcade12df

  • SHA256

    35147128936c2e79548e5c0a2bbd70cd5a29c1b01dfa1ac2515fa5becb7efa6d

  • SHA512

    4f293bab428aeead9c4b0a411a9d0674bebd87cf89d92f2aa0b1ffc4d287d96b859365453f21040abc7b5dd4f452f52ed98661b8c16624d9915d4c40ecfe15ea

Score
10/10
formbookn2t4ratspywarestealersuricatatrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

n2t4

Decoy

livingthroughthechaos.net

videobuzzmedia.com

felineformulas.com

theorganicbees.com

bizoeflow.com

gtbcked.com

immortalapenft.com

pacherasrl.com

defunddrip.black

fromefarm.com

newmedicalnetwork.com

nikosblue.com

kaecfu.online

arcane-stylish.com

7ox.info

osamaabuzawayed.com

noemielatour.com

baccaratjava.com

latinfoodandwinefestival.com

magiclandstudios.com

Targets

    • Target

      QUOTATION PDF_SCAN_COPY.exe

    • Size

      523KB

    • MD5

      5e9af5b2056e4da639a9459e3b36193c

    • SHA1

      b779402e9a6ecbbef6b68817814991bbcade12df

    • SHA256

      35147128936c2e79548e5c0a2bbd70cd5a29c1b01dfa1ac2515fa5becb7efa6d

    • SHA512

      4f293bab428aeead9c4b0a411a9d0674bebd87cf89d92f2aa0b1ffc4d287d96b859365453f21040abc7b5dd4f452f52ed98661b8c16624d9915d4c40ecfe15ea

    Score
    10/10
    formbookn2t4ratspywarestealersuricatatrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata

    • Formbook Payload

      rat

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks