General

  • Target

    rectified quote.exe

  • Size

    400KB

  • Sample

    200713-g6aekvhj2j

  • MD5

    0c6982e8d622d6550a6a170f1c0b9c49

  • SHA1

    489f667a831be85ffd37288ca187d0517fc5d649

  • SHA256

    714e525a436fc97ce8b8e31b63c79e8f13cc0577c80f613f825cafdf7fddeb1f

  • SHA512

    c1b81fdc18fe5ab49b005a2e5847f6007c95baa8a04bd0b3140fc3e8295f05e141f5db2b07478798fcf5293be3f8415ae4d97daee7c926b69e8338c47898cadc

Malware Config

Targets

    • Formbook

      Formbook is a data-stealing malware family.

    • Adds Run entry to policy start application

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks