Overview

overview

10

Static

static

6115b75d6d...79.exe

windows7_x64

10

6115b75d6d...79.exe

windows10_x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6115b75d6dea7d18c4c335daee062579.exe

  • Size

    847KB

  • Sample

    200716-jmrrh9c7y2

  • MD5

    6115b75d6dea7d18c4c335daee062579

  • SHA1

    edd36175f46101077bd6946a2324e10c4c3f73aa

  • SHA256

    b0b9e3dc8734f410aa2312b54b09cd299d427f0b04b5c57c5cccc0b58fe966fa

  • SHA512

    85ff43706d9e45c376bc72bb4040b5ad0e3480f479074758502e217e82f46021eddafbd9eef08a1b5d0ecb8e64bdcb15043643f858a8bf7eb2ee95da6369aaaf

Score
10/10
formbookevasionpersistencespywarestealertrojan

Malware Config

Targets

    • Target

      6115b75d6dea7d18c4c335daee062579.exe

    • Size

      847KB

    • MD5

      6115b75d6dea7d18c4c335daee062579

    • SHA1

      edd36175f46101077bd6946a2324e10c4c3f73aa

    • SHA256

      b0b9e3dc8734f410aa2312b54b09cd299d427f0b04b5c57c5cccc0b58fe966fa

    • SHA512

      85ff43706d9e45c376bc72bb4040b5ad0e3480f479074758502e217e82f46021eddafbd9eef08a1b5d0ecb8e64bdcb15043643f858a8bf7eb2ee95da6369aaaf

    Score
    10/10
    persistencespywaretrojanstealerformbookevasion

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Blacklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks