Overview

overview

10

Static

static

Invoice_Tr...45.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Invoice_Tracking_574759905735853983575835355NVMNBCKJD245.exe

  • Size

    274KB

  • Sample

    220919-lxh2gsbdc4

  • MD5

    324374135914ce8757896f4be3370dd2

  • SHA1

    e246f19b67cbb0ac63606018faed40623473ba2f

  • SHA256

    13b9cfa2fa9fcd13e989d2914f5933a3d1e210cfd978e8f69b0efd0ecca62ba3

  • SHA512

    7a60ae44226fa7bce7ac65e87bb8a5ccb1aee622c3ae6d4f52d59d9dcbba5a7e43557547ddb4cae77ed6cdcabed4c6a93259148525464ab303400c73f9545faf

  • SSDEEP

    6144:qumELYtgl0Ff3L5gaRPz7A63fgECLRTyC/8yxuE3Tud6aFuzRWfoTG:qrELYtguZ1A6vgEevY8LaFARWfL

Score
10/10
formbookf4caratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Campaign

f4ca

Decoy

QYZ6iE9Y+CsiZpCBareS0uU=

N2FQLAaH6xXE

Vc6t0MQXN+Llxsqg

ElBedmSvYGGm6yLDhHqzAtmlCxWl

4VpIWShqHR5cpjfQ4bs=

mepO9miu/iFiQQ==

Z8Owqh54IlwEpDfQ4bs=

qcq4uT5HecWZG3EVwKTiUE7slrGQGiyo

IaYYoJikKDDqgV/NigZCLA==

4Xz5pfoCCW/76NnOUrFEOw==

xiijSkVJ3Yuh9OKDcmui/d2lCxWl

cr8MmfpCEu0ULsO3p6w=

JLm2yKHo7hdVb8O3p6w=

Hriy5svWm2Qfq9mPQib9jJI65gOr

2G3nkRpidunlxsqg

gPHUAeXmi8Q9ARy3

6l5WaOf8BxhQDkp5gKQ=

KHHiXs4WOqXZdPhpaw==

+UQ5Vz5O0Ms9ARy3

pNQygKu0OziAvjOHRGLnJA==

Targets

    • Target

      Invoice_Tracking_574759905735853983575835355NVMNBCKJD245.exe

    • Size

      274KB

    • MD5

      324374135914ce8757896f4be3370dd2

    • SHA1

      e246f19b67cbb0ac63606018faed40623473ba2f

    • SHA256

      13b9cfa2fa9fcd13e989d2914f5933a3d1e210cfd978e8f69b0efd0ecca62ba3

    • SHA512

      7a60ae44226fa7bce7ac65e87bb8a5ccb1aee622c3ae6d4f52d59d9dcbba5a7e43557547ddb4cae77ed6cdcabed4c6a93259148525464ab303400c73f9545faf

    • SSDEEP

      6144:qumELYtgl0Ff3L5gaRPz7A63fgECLRTyC/8yxuE3Tud6aFuzRWfoTG:qrELYtguZ1A6vgEevY8LaFARWfL

    Score
    10/10
    formbookf4caratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Blocklisted process makes network request

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks