General

  • Target

    Request for Quotation-BV-76435020.exe

  • Size

    654KB

  • Sample

    200708-n4ghvphqn2

  • MD5

    a2fe795e8b63eb414f66e09953a56a46

  • SHA1

    ffd4c5641f9253d6004af10110ffcc630be27521

  • SHA256

    b00ebd12d239ba9f75f11b3ad96b127730779e48f3e2fead50c9e5a7b7ca598a

  • SHA512

    3a99dffb20ab52a9a771b495f9e7f7acbc72d319b265197cc8465211b44eea1fa9c1550581a083f176a97bfecab3f6c6d79033b3cc5a8fcfd75cb6ac27e9e65a

Malware Config

Targets

    • Target

      Request for Quotation-BV-76435020.exe

    • Formbook

      Formbook is a data-stealing (infostealer) malware family.

    • Adds Run entry to policy start application

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile information.

    • Adds Run entry to start application

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks