Overview

overview

10

Static

static

Facturas.exe

windows7_x64

7

Facturas.exe

windows10_x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    Facturas.exe

  • Size

    639KB

  • Sample

    200708-fq318vyhkn

  • MD5

    d42623d0669082db1713a751ef94fc68

  • SHA1

    9d8bb3b343f1f380b799a16c38be6d546d3f7d00

  • SHA256

    aa00f82fb3dd04417a278bc9362becdf39fcb3e4e23893327e16a8792334635f

  • SHA512

    ffb5b361dae3aebb561bb0fe60a56ce63b957e686690cf96107e5cee76234f11ce6d4fc911ea56bf172599da92cef4609640d981ae74319761ff5d0e83c65660

Score
10/10
formbookevasionpersistencespywarestealertrojan

Malware Config

Targets

    • Target

      Facturas.exe

    • Size

      639KB

    • MD5

      d42623d0669082db1713a751ef94fc68

    • SHA1

      9d8bb3b343f1f380b799a16c38be6d546d3f7d00

    • SHA256

      aa00f82fb3dd04417a278bc9362becdf39fcb3e4e23893327e16a8792334635f

    • SHA512

      ffb5b361dae3aebb561bb0fe60a56ce63b957e686690cf96107e5cee76234f11ce6d4fc911ea56bf172599da92cef4609640d981ae74319761ff5d0e83c65660

    Score
    10/10
    persistencespywareevasiontrojanstealerformbook

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Adds Run entry to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks