General

  • Target: SIN_TONG_HWA_TRADING.IMG
  • Size: 1.9MB
  • Sample: 210226-74exwc678x
  • MD5: 110f6ccb4b895841544a8aee876a4183
  • SHA1: 6c8d668dd5679cb06a77c9427d3a86861e7c7857
  • SHA256: 2c4a614f2ec55fa434983da9758e39b22771eda76e724ea31a91efc6184fb3eb
  • SHA512: 08f94664bdf0f4d28336cb31c6f8eeb3579432fb7c9c5590ec56207372266b8fc0f08b4ab32d12d92c8142d524e1040a22b754ce292b2445f5e214b6442d5222

Malware Config

Extracted

  • Family: formbook
  • C2: http://www.aubonmarcheduparc.com/rina/

Decoy


Targets

    • Target: ATPACK_4.PDF
    • Size: 1.1MB
    • MD5: 97b633cfa6e5d9329a7f04ce66c528e7
    • SHA1: 7c91a71f3ea8c93e319bcecb43b08fb8f0c9073e
    • SHA256: 9c03bbb31370fc5905bbd9fa95c3d3033a2ec23d8e72acd25e9b809db0cf900e
    • SHA512: d4ec9812c88eac896f0b29011adcae712d58d0d9ef96bbd3f263c694e422799d6ad94c07952bc55415bdacb2b57d1c055296f6666f6e2711c9d3da2261ef51e2

    Score: 1/10

    • Target: DOC_3957.EXE
    • Size: 77KB
    • MD5: 1662b1ff6de1371a09ecabb5a2c14905
    • SHA1: 5a9353c5b8b1e1b19b7879cd483c9f715237c478
    • SHA256: 3a220e6bff537b270991d1bb49e530c7279fb643f8a9b5998bbefae6140a19f4
    • SHA512: ae20025d79fbfbf85bceeaca71fcd170966eaa71761dffc4d96405311e314f44b4f6d5573747b6923da0477c0a2ba1ecd95c14e917aa9408c157c6964fd3b68f

    • Target: DOC_4985.EXE
    • Size: 78KB
    • MD5: 31a018d815f0d317b090665f3c4050e8
    • SHA1: 976a5037b21e53bd265a9b82271db389be0279ff
    • SHA256: c0edc415e1c08532783562faf5434e866087e82e257283fc3b0bb0081b040f24
    • SHA512: e29ae8b6a24206d59cdce3f0a120cc7931c07100f2ace1cab2ad54967c9efe47f958c665101ac6e2e68132d4a0fba1d7a19eabe952eaf6baeb7033a794f60ccd

    • Target: QUOTATIO.DOC
    • Size: 95KB
    • MD5: 4c2d70f7f532e41fbf53e5878aed4a52
    • SHA1: 7d7bb0f928b869d43fcfea602144b530791298be
    • SHA256: d9ab65d69bc25482f7d45169a1e4b804f168333eba2e47613c451e1481c99aa5
    • SHA512: 4330660b764c19272f482af4d3fdb1ae2b79b0628a87bf9811fdfbeddaf77d094ccd60ab114293452253db9fb0299483ec9d8857aa31860c0d6bdafaab4b5799

    Score: 4/10

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution: Command-Line Interface, T1059 (1)
  • Persistence: Registry Run Keys / Startup Folder, T1060 (1)
  • Privilege Escalation: Bypass User Account Control, T1088 (2)
  • Defense Evasion: Modify Registry, T1112 (11)
  • Defense Evasion: Bypass User Account Control, T1088 (2)
  • Defense Evasion: Disabling Security Tools, T1089 (6)
  • Discovery: Query Registry, T1012 (3)
  • Discovery: System Information Discovery, T1082 (8)
