Overview

overview

10

Static

static

Purchase order-77.exe

windows7_x64

7

Purchase order-77.exe

windows10_x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    Purchase order-77.exe

  • Size

    443KB

  • Sample

    200707-bxh2j179lx

  • MD5

    8a26d6812aece27f98e9985488d457b0

  • SHA1

    ba317aa78c6efd8e763f7b7a19c858724c6f2f1d

  • SHA256

    4fc6cac9d7547036158bc3aa8be06f2a6be57eabc406abf3a39c2cacb5f410b8

  • SHA512

    bc94d03c06d842601f755073c8e47e3ae6f1b07aab30d347c3884c23ebf8e72acdb972f0b3a034ec5c31b49e76cd5a995d737e5e7f7497b52290019930608576

Score
10/10
formbookevasionpersistencespywarestealertrojan

Malware Config

Targets

    • Target

      Purchase order-77.exe

    • Size

      443KB

    • MD5

      8a26d6812aece27f98e9985488d457b0

    • SHA1

      ba317aa78c6efd8e763f7b7a19c858724c6f2f1d

    • SHA256

      4fc6cac9d7547036158bc3aa8be06f2a6be57eabc406abf3a39c2cacb5f410b8

    • SHA512

      bc94d03c06d842601f755073c8e47e3ae6f1b07aab30d347c3884c23ebf8e72acdb972f0b3a034ec5c31b49e76cd5a995d737e5e7f7497b52290019930608576

    Score
    10/10
    evasiontrojanspywarestealerformbookpersistence

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Adds Run entry to policy start application

      persistence

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks