Resubmissions

26-01-2022 06:16

220126-g1e2sahhf5 10

26-01-2022 03:36

220126-d5x7daegel 10

General

  • Target

    TAHACO VINA CO.,LTD-Pdf.exe

  • Size

    594KB

  • Sample

    220126-g1e2sahhf5

  • MD5

    e29356e57c24e80ea68f7e43b0984ad0

  • SHA1

    7dda49868a0f070bf29f1fb5845af63c16d7b5ab

  • SHA256

    d538d68cddac2610bba6c965956bbb1cc2db1c929a74451a97c39d3b5138c267

  • SHA512

    67376920406a8047dd5c0671b21449d0a43c71e4fbc7c65fa174d7375416da63a1d825f10e683a513592c33e60f8f87f3a4d6ddb6821e4033109d90f9a8dc9ef

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    m17y

  • Decoy

    dental-implants-us-prices.site
    eolegends.online
    drskinstudio.com
    miamivideomapping.com
    cqytwater.com
    fesfe.net
    dlautostore.com
    wwwpledge.com
    trynutiliti.com
    551milesoak.com
    jemmetalfab.com
    teamtrinitysellsncarolina.com
    injurypersonallawyer.com
    r3qcf2.xyz
    djellaba-boutique.com
    t6fwagd.xyz
    lm-upto100.com
    shyashijz.com
    classicbasilicata.com
    exactias.com

Targets

    • Target

      TAHACO VINA CO.,LTD-Pdf.exe

    • Size

      594KB

    • MD5

      e29356e57c24e80ea68f7e43b0984ad0

    • SHA1

      7dda49868a0f070bf29f1fb5845af63c16d7b5ab

    • SHA256

      d538d68cddac2610bba6c965956bbb1cc2db1c929a74451a97c39d3b5138c267

    • SHA512

      67376920406a8047dd5c0671b21449d0a43c71e4fbc7c65fa174d7375416da63a1d825f10e683a513592c33e60f8f87f3a4d6ddb6821e4033109d90f9a8dc9ef

    • Formbook

      Formbook is a data-stealing (infostealer) malware family.

    • Formbook Payload

    • Adds policy Run key to start application

    • Executes dropped EXE

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

Execution

  • Scheduled Task [T1053]: 1
  • Command-Line Interface [T1059]: 1

Persistence

  • Registry Run Keys / Startup Folder [T1060]: 1
  • Scheduled Task [T1053]: 1

Privilege Escalation

  • Scheduled Task [T1053]: 1

Defense Evasion

  • Modify Registry [T1112]: 2

Credential Access

  • Credentials in Files [T1081]: 1

Discovery

  • System Information Discovery [T1082]: 3
  • Query Registry [T1012]: 1

Collection

  • Data from Local System [T1005]: 1

Tasks