Overview

overview

10

Static

static

IMAGES-001...DF.exe

windows7_x64

10

IMAGES-001...DF.exe

windows10_x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    IMAGES-001-QUOTE REQUEST #21800176_354667485903 _09_07_2020PDF.exe

  • Size

    504KB

  • Sample

    200710-rzgkjcfxjj

  • MD5

    c1b13db471da675d9887133f6de51d4d

  • SHA1

    ee4185e2232581c17e45b5598a07a99f49887364

  • SHA256

    8ea404b56d3341cbcc42c2f9b99c6cf8aa457d94b5319e19bee72859be9b1c32

  • SHA512

    40076fb9f71a1c96be4883cc595a7cbee3da9701ad2633d20a31d125a19382ad14b43de18ff17eac96d211e2885137d61ee34065739c6b5967592a91c8050a65

Score
10/10
formbookpersistencespywarestealertrojan

Malware Config

Targets

    • Target

      IMAGES-001-QUOTE REQUEST #21800176_354667485903 _09_07_2020PDF.exe

    • Size

      504KB

    • MD5

      c1b13db471da675d9887133f6de51d4d

    • SHA1

      ee4185e2232581c17e45b5598a07a99f49887364

    • SHA256

      8ea404b56d3341cbcc42c2f9b99c6cf8aa457d94b5319e19bee72859be9b1c32

    • SHA512

      40076fb9f71a1c96be4883cc595a7cbee3da9701ad2633d20a31d125a19382ad14b43de18ff17eac96d211e2885137d61ee34065739c6b5967592a91c8050a65

    Score
    10/10
    trojanspywarestealerformbookpersistence

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Adds Run entry to policy start application

      persistence

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks