Overview

overview

10

Static

static

sample cat...22.exe

windows10-2004-x64

10

Resubmissions

15-09-2022 17:54

220915-wg9vdadga6 10

15-09-2022 17:52

220915-wfs58shdgr 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    sample catalog2022.exe

  • Size

    288KB

  • Sample

    220915-wfs58shdgr

  • MD5

    f0e10bf42bfb76de46b122a9ab381e1f

  • SHA1

    510a22752b3624bb71ab9c198c876b13cd6be9e1

  • SHA256

    5e6ca13143ba73ac8595785c5741f5da0505c0155140d63852aa6d1e74fc081f

  • SHA512

    f6e5ce2530615213a69cc1494667aed3e6b01321aba02c75c4cbb126ef130e8deb1ddd3c23fe73d2de2009dd75dd6c288ee935df1b4471249d5c04e68ae52790

  • SSDEEP

    6144:JH/k7Gstb+5NcvahAKNRqF3hfvAoKqS8bZufRuV8vfBG:Jfkvw5mahbPqnQWv8vfc

Score
10/10
formbookdwdpratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Campaign

dwdp

Decoy

jPxWFTS1Rn/K/LD47WRRW7+Veuct8yc=

ke1Wv1l26dZZxDikX9dU3s6k8+w=

+vtNyVBkx8VMf5KCaIj8DYR5QyLJgQ==

GHXPhYzwXcKgZwqBb/kejm7rfobj

yalW64iE8+aXs70=

MD83dBR0KSF4fizgRhAM

Xti3uNm2JDWgssPgRhAM

X7gYbv5uJhpvjdI0Qg==

ydxGznbNJ3tCCLAX4arq4nweMuQ=

Ca+fvtST8OBbosPgRhAM

kG1QegD8mU/E/hLw1t0=

g9FFFjEC5C2IvR/BhbSrpw==

PCkpeg38W0aPdg1rav1DFnVASw==

vSq+xBf3qjY27H3yqepK+g+nOmOMc3m7

G7WYirSZS9EYob8=

WbEWaOVIAPlSNNc4LsfL53weMuQ=

hnyAvEY4n3rTKS4g5mHKxR0=

JN7b0uCqVrQydMl7JNw=

XTki/RASDK6BCW0q8sU=

DQMBWA9wJyOKqqGSmGHKxR0=

Targets

    • Target

      sample catalog2022.exe

    • Size

      288KB

    • MD5

      f0e10bf42bfb76de46b122a9ab381e1f

    • SHA1

      510a22752b3624bb71ab9c198c876b13cd6be9e1

    • SHA256

      5e6ca13143ba73ac8595785c5741f5da0505c0155140d63852aa6d1e74fc081f

    • SHA512

      f6e5ce2530615213a69cc1494667aed3e6b01321aba02c75c4cbb126ef130e8deb1ddd3c23fe73d2de2009dd75dd6c288ee935df1b4471249d5c04e68ae52790

    • SSDEEP

      6144:JH/k7Gstb+5NcvahAKNRqF3hfvAoKqS8bZufRuV8vfBG:Jfkvw5mahbPqnQWv8vfc

    Score
    10/10
    formbookdwdpratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks