General

  • Target

    NEW ORDER APPROVED_PDF.exe

  • Size

    368KB

  • Sample

    200713-1s2rnk7w1j

  • MD5

    c3782f33095e240a6c570b8d1265eaa4

  • SHA1

    e40c6809253127c918848e2db3173205c12d3def

  • SHA256

    6023812166224ffe7f3ff3efacddccd27c4ae1f09aa2dc9e2f5c8557d6bb4382

  • SHA512

    9138e8059fe1b00d9a6522b984a5134a39508a45f2d4b4bfb89c9843cc8ca161f2960ab2aa4fee25c8cc8fc6398b9d00beddccf126432233d75fd40792681677

Malware Config

Targets

    • Formbook

      Formbook is an information-stealing malware family that harvests data from the infected host.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile information.

    • Adds Run entry to start application

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks