Overview

overview

10

Static

static

PURCHASE ORDER.exe

windows7_x64

6

PURCHASE ORDER.exe

windows10_x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    PURCHASE ORDER.exe

  • Size

    534KB

  • Sample

    200716-jcjstct1re

  • MD5

    30a88aaca2412bcc3914382dce41ae1a

  • SHA1

    4abbc932878a42eec7a438fc383370e83ea43d7e

  • SHA256

    57234a3ec3bf2d3e6539a25221595d791fcf68dbed39a942651819c74fc3c664

  • SHA512

    8db262de282eaa5471963eae4f08729b21728cf783184d819221fba6283153817aa71f8a7f22f0d6ee24bd123fd2b9dfea9fb20c46db1a62710ebdaab3958b94

Score
10/10
formbookevasionpersistencespywarestealertrojan

Malware Config

Targets

    • Target

      PURCHASE ORDER.exe

    • Size

      534KB

    • MD5

      30a88aaca2412bcc3914382dce41ae1a

    • SHA1

      4abbc932878a42eec7a438fc383370e83ea43d7e

    • SHA256

      57234a3ec3bf2d3e6539a25221595d791fcf68dbed39a942651819c74fc3c664

    • SHA512

      8db262de282eaa5471963eae4f08729b21728cf783184d819221fba6283153817aa71f8a7f22f0d6ee24bd123fd2b9dfea9fb20c46db1a62710ebdaab3958b94

    Score
    10/10
    evasiontrojanpersistencespywarestealerformbook

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Adds policy Run key to start application

      persistence

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks