General
- Target: RFQ-07072022.exe
- Size: 774KB
- Sample: 220706-pt27qsegd4
- MD5: e2097690a366910f7feb9145a0565784
- SHA1: 592786f2d6c84a2a38882f43a3ac2eac9414774a
- SHA256: 9a39f92f22837a2d1eabdc7b7f0eeff451de21fdf80261739301602ea3d9cdeb
- SHA512: b56e3bf6d1f42c2ab068fc5e16034fc273d97dac557ac222e46d5640947dbfa71b556d64ffd7b6c25f352c5dd98d300bbad725cc4428741de2ecf1e8fd421f17
Static task: static1
Behavioral task: behavioral1
- Sample: RFQ-07072022.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: RFQ-07072022.exe
- Resource: win10v2004-20220414-en
Malware Config
Targets
- Target: RFQ-07072022.exe
- Size: 774KB
- MD5: e2097690a366910f7feb9145a0565784
- SHA1: 592786f2d6c84a2a38882f43a3ac2eac9414774a
- SHA256: 9a39f92f22837a2d1eabdc7b7f0eeff451de21fdf80261739301602ea3d9cdeb
- SHA512: b56e3bf6d1f42c2ab068fc5e16034fc273d97dac557ac222e46d5640947dbfa71b556d64ffd7b6c25f352c5dd98d300bbad725cc4428741de2ecf1e8fd421f17
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- suricata: ET MALWARE FormBook CnC Checkin (POST) M2
- Xloader Payload
- Adds policy Run key to start application
- Blocklisted process makes network request
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext