General

  • Target

    Quotation.exe

  • Size

    233KB

  • Sample

    200710-n85pt19xxe

  • MD5

    560be75b2b6cfdace7266e5e345f242a

  • SHA1

    0217bcea49f188b04f5d4b2d35c9c2e10be55189

  • SHA256

    9c1501fbd2eb669ccbe4a41e37770191e954e6f0dd3e0a954a0670a91df3917c

  • SHA512

    577e82392b55506580cff192eee0e389f5bc6a3c53939da1aa7fb73985425a2a3d98f6acf2fb6606be1278d6e3a62863a575ea910f27810eb4c7e5d6027b7ed1

Malware Config

Targets

    • Target

      Quotation.exe

    • Size

      233KB

    • MD5

      560be75b2b6cfdace7266e5e345f242a

    • SHA1

      0217bcea49f188b04f5d4b2d35c9c2e10be55189

    • SHA256

      9c1501fbd2eb669ccbe4a41e37770191e954e6f0dd3e0a954a0670a91df3917c

    • SHA512

      577e82392b55506580cff192eee0e389f5bc6a3c53939da1aa7fb73985425a2a3d98f6acf2fb6606be1278d6e3a62863a575ea910f27810eb4c7e5d6027b7ed1

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

    • Adds Run entry to policy start application

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks whether UAC is enabled

    • js

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks