General
-
Target
MT103 PAYMENT COPY_PDF.exe
-
Size
369KB
-
Sample
200715-vaw9adqp1a
-
MD5
20a2543a7a37a75b93924dd83c03743d
-
SHA1
dacf53a9ae5c29a1d33fb2bf064ede984a0ad379
-
SHA256
8c55df1fdc1ac49e2c0a3b5b77bd044d842d2f6e38bd5f782d93853a560140fb
-
SHA512
3c49d4b09b5510e9a2ea24e75c9bf694a006cd31b9d06546aa08ac369cb8464916c40c7d0db566ef82d4b147e265582f5d081c26f3b6ad9e99f6c792c9be0d10
Malware Config
Targets
-
-
Target
MT103 PAYMENT COPY_PDF.exe
-
Size
369KB
-
MD5
20a2543a7a37a75b93924dd83c03743d
-
SHA1
dacf53a9ae5c29a1d33fb2bf064ede984a0ad379
-
SHA256
8c55df1fdc1ac49e2c0a3b5b77bd044d842d2f6e38bd5f782d93853a560140fb
-
SHA512
3c49d4b09b5510e9a2ea24e75c9bf694a006cd31b9d06546aa08ac369cb8464916c40c7d0db566ef82d4b147e265582f5d081c26f3b6ad9e99f6c792c9be0d10
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Adds policy Run key to start application
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks whether UAC is enabled
-
Suspicious use of SetThreadContext
-