General

  • Target

    Document2.exe

  • Size

    649KB

  • Sample

    200709-qy8bm4pbvn

  • MD5

    3f4f53f1ab6fcb15e70eb577a45a2c46

  • SHA1

    9784cf4ade8b26e4ec31c3b7ae02bd7b7180daeb

  • SHA256

    a405c8cf0c233bddd6849726247d1426589e3a709e0a0378be86d93868fac48c

  • SHA512

    83b51cfc80910bf1ceff43225ecbf17b1f515387689a86d7154b3c586c123a8d4090f4f38e90d3a47463e2b495fa808a78e246375bd071f7dc013d06f93711d2

Malware Config

Targets

    • Formbook

      Formbook is an information-stealing malware family that harvests credentials and other sensitive data from infected hosts.

    • Adds Run entry to policy start application

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers commonly target data stored by web browsers, such as saved credentials, cookies and autofill information.

    • Adds Run entry to start application

    • Checks whether UAC is enabled

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks