Overview

overview

10

Static

static

RFQ_EDM202011.exe

windows7_x64

7

RFQ_EDM202011.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    RFQ_EDM202011.exe

  • Size

    524KB

  • Sample

    200709-ywltfndp1j

  • MD5

    b20f108e61c409deeb691fbab3120a42

  • SHA1

    0d486d407d650aea66d87d61af363da24c2c5dfe

  • SHA256

    0a0ac8e138fdddc9e18357375ff41da88e340ac4dfc225d2d60976607dac8d8c

  • SHA512

    1279f57366a776db447720f34756268da67b4b764c90b1cbc22769bde14fd0f99c49d1eb53d74c3e289b3f7996502295cef657ca2c82c96f3f90bbdc34ffd1cd

Score
10/10
formbookpersistencespywarestealertrojan

Malware Config

Targets

    • Target

      RFQ_EDM202011.exe

    • Size

      524KB

    • MD5

      b20f108e61c409deeb691fbab3120a42

    • SHA1

      0d486d407d650aea66d87d61af363da24c2c5dfe

    • SHA256

      0a0ac8e138fdddc9e18357375ff41da88e340ac4dfc225d2d60976607dac8d8c

    • SHA512

      1279f57366a776db447720f34756268da67b4b764c90b1cbc22769bde14fd0f99c49d1eb53d74c3e289b3f7996502295cef657ca2c82c96f3f90bbdc34ffd1cd

    Score
    10/10
    persistencespywaretrojanstealerformbook

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Adds Run entry to policy start application

      persistence

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Adds Run entry to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks