Overview

overview

10

Static

static

Memorandum.exe

windows7_x64

10

Memorandum.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Memorandum.exe

  • Size

    654KB

  • Sample

    200709-yndfsk7q2j

  • MD5

    6ee086f9280e9b6dd55baeb5d247b8fc

  • SHA1

    5492172488c392f929acb9b7cd775f940841eff0

  • SHA256

    5749af95d51ba8e5d08b5724c8806a4e9fdd137ad4424ca2dd6f025a2662b421

  • SHA512

    922be9587b623bae08f20eda65cc0ef7ce2960c3ebfee6a22709bf3976b0a1a553bcfd72fa7304b59bb1ba680d219537fe1c8bdd47c6833c039f3c09cd20b6e5

Score
10/10
formbookevasionpersistencespywarestealertrojan

Malware Config

Targets

    • Target

      Memorandum.exe

    • Size

      654KB

    • MD5

      6ee086f9280e9b6dd55baeb5d247b8fc

    • SHA1

      5492172488c392f929acb9b7cd775f940841eff0

    • SHA256

      5749af95d51ba8e5d08b5724c8806a4e9fdd137ad4424ca2dd6f025a2662b421

    • SHA512

      922be9587b623bae08f20eda65cc0ef7ce2960c3ebfee6a22709bf3976b0a1a553bcfd72fa7304b59bb1ba680d219537fe1c8bdd47c6833c039f3c09cd20b6e5

    Score
    10/10
    persistencespywareevasiontrojanstealerformbook

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Adds Run entry to policy start application

      persistence

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Adds Run entry to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks