General

  • Target

    crypt1.exe

  • Size

    773KB

  • Sample

    200708-gf99lnk8vx

  • MD5

    10bd8c618d9c9336eaee4cbcd815f398

  • SHA1

    4e01cc508c1487539f26053394f158a76b1d1402

  • SHA256

    6934eb93d7b5e16de0687da48a001b95c84f2b741e3e8775c8e32dcb70cf5b13

  • SHA512

    26f21c5fa2975f30cc59cbb66b5ff0c936089fb7d29c331514b82e8e6dd19c010e14c81b12ce4ffd0223b6df3b9a9ae17113f1a2853d9aa60766b5839a6be489

Malware Config

Targets

    • Target

      crypt1.exe

    • Formbook

      Formbook is an information-stealing malware family (also marketed as a form grabber) that harvests credentials and submitted form data from browsers and other applications and exfiltrates them to its command-and-control server.

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers routinely read stored browser data such as saved credentials, cookies, and autofill entries from the user's profile directory.

    • Adds Run entry to start application

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext
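
The signatures above are behaviours the sandbox observed, not code. As an added example (not part of the Triage report and not Triage's own detection logic), the following Python replays those same behaviours over a constructed set of sandbox-style events: a process start carrying the report's hashes, a Run-key write, an EnableLUA query, a read of a browser credential store, a cross-process SetThreadContext call, and a child cmd.exe that deletes the parent's own image. The event schema, field names, PIDs and paths are assumptions invented for the example; only the hashes are taken from the report.

```python
"""Replays the behaviours listed in this report over constructed sandbox-style
events.  Added example for this page; the event schema and field names are
assumptions, not Hatching Triage's own format."""
import json
import re

# Hashes copied from the report's General section (lowercase as reported).
REPORT_HASHES = {
    "md5": "10bd8c618d9c9336eaee4cbcd815f398",
    "sha256": "6934eb93d7b5e16de0687da48a001b95c84f2b741e3e8775c8e32dcb70cf5b13",
}

# Key paths that give a program an autostart entry ("Adds Run entry to start application").
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.IGNORECASE)
# Browser credential/cookie stores ("Reads user/profile data of web browsers").
BROWSER_DATA_RE = re.compile(r"\\(Login Data|Cookies|Web Data|logins\.json|cookies\.sqlite)$", re.IGNORECASE)
# "cmd /c ... del <path>" pattern used for self-deletion; group 1 is the deleted path.
DEL_CMD_RE = re.compile(r"/c\s+.*?\bdel\b\s+\"?([^\"]+?)\"?\s*$", re.IGNORECASE)

# Constructed sample events (one JSON object per line); PIDs and paths are invented.
SAMPLE_LOG = r"""
{"id": 1, "type": "process_create", "pid": 4120, "parent_pid": 3000, "image": "C:\\Users\\victim\\Downloads\\crypt1.exe", "command_line": "crypt1.exe", "hashes": {"MD5": "10BD8C618D9C9336EAEE4CBCD815F398", "SHA256": "6934EB93D7B5E16DE0687DA48A001B95C84F2B741E3E8775C8E32DCB70CF5B13"}}
{"id": 2, "type": "registry_set", "pid": 4120, "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run", "value": "crypt1", "data": "C:\\Users\\victim\\AppData\\Roaming\\crypt1.exe"}
{"id": 3, "type": "registry_query", "pid": 4120, "key": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System", "value": "EnableLUA"}
{"id": 4, "type": "file_read", "pid": 4120, "path": "C:\\Users\\victim\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"}
{"id": 5, "type": "api_call", "pid": 4120, "api": "SetThreadContext", "target_pid": 5012}
{"id": 6, "type": "api_call", "pid": 4120, "api": "SetThreadContext", "target_pid": 4120}
{"id": 7, "type": "process_create", "pid": 5100, "parent_pid": 4120, "image": "C:\\Windows\\System32\\cmd.exe", "command_line": "cmd.exe /c ping 127.0.0.1 -n 3 & del \"C:\\Users\\victim\\Downloads\\crypt1.exe\""}
{"id": 8, "type": "registry_set", "pid": 800, "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer", "value": "ShowFrequent", "data": "1"}
"""


def parse_events(log_text):
    """Parse newline-delimited JSON events, skipping blank lines."""
    return [json.loads(line) for line in log_text.splitlines() if line.strip()]


def classify(events):
    """Map each behaviour the report names to the ids of the events that show it."""
    image_by_pid = {e["pid"]: e["image"] for e in events if e["type"] == "process_create"}
    hits = {
        "ioc_hash_match": [],
        "run_key_persistence": [],
        "uac_check": [],
        "browser_data_read": [],
        "cross_process_setthreadcontext": [],
        "self_delete": [],
    }
    for e in events:
        t = e["type"]
        if t == "process_create":
            # Hash comparison is case-insensitive; tooling often reports hex in uppercase.
            hashes = {k.lower(): v.lower() for k, v in e.get("hashes", {}).items()}
            if any(hashes.get(alg) == val for alg, val in REPORT_HASHES.items()):
                hits["ioc_hash_match"].append(e["id"])
            # Self-deletion: a child shell deleting exactly its parent's image path.
            m = DEL_CMD_RE.search(e.get("command_line", ""))
            parent_image = image_by_pid.get(e.get("parent_pid"), "")
            if m and parent_image and m.group(1).strip().lower() == parent_image.lower():
                hits["self_delete"].append(e["id"])
        elif t == "registry_set" and RUN_KEY_RE.search(e["key"]):
            hits["run_key_persistence"].append(e["id"])
        elif (t == "registry_query" and e.get("value", "").lower() == "enablelua"
              and e["key"].lower().endswith("\\policies\\system")):
            hits["uac_check"].append(e["id"])
        elif t == "file_read" and BROWSER_DATA_RE.search(e["path"]):
            hits["browser_data_read"].append(e["id"])
        elif (t == "api_call" and e["api"] == "SetThreadContext"
              and e.get("target_pid") not in (None, e["pid"])):
            # Only a thread in another process is the hollowing/injection pattern;
            # SetThreadContext on the caller's own threads is ordinary.
            hits["cross_process_setthreadcontext"].append(e["id"])
    return hits


def triage(log_text):
    """Return only the behaviours that fired, with the event ids that triggered them."""
    return {tag: ids for tag, ids in classify(parse_events(log_text)).items() if ids}


if __name__ == "__main__":
    for tag, ids in triage(SAMPLE_LOG).items():
        print(f"{tag}: events {ids}")
```

Event 6 and event 8 are deliberately negative cases: an in-process SetThreadContext and a registry write outside the Run keys produce no hit, so the checks do not fire on every use of these APIs, which is the usual false-positive source when turning a sandbox signature into a detection.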

MITRE ATT&CK Enterprise v6

Tasks