General

  • Target

    SecuriteInfo.com.Win32.PWSX-gen.23640.exe

  • Size

    844KB

  • Sample

    220920-mchewscfg9

  • MD5

    8ecc627c9482759c892a511f8937ed6d

  • SHA1

    9b587b04b82f178ec39b0045df44d06fe09b3c8d

  • SHA256

    53a615ea14a378e75ee0c5b5d170e6591f19897b6d86fc5ac4a58594e9fe2e78

  • SHA512

    dfcdf900003f5442da172194edefc9ac9c10be635ebda72a47f70087f8519fe5dc4290737959ce0cac32e6b67615004a375d2edc1753f8abe44c894e62519655

  • SSDEEP

    12288:YUeLOhIw27zpDmaC+YcPA3F8a0S6rM6W+IbQ2bBk53xjszv89RoMfb:Yk1272xcYqa09MkIVbBk53xk4aMfb

Malware Config

Extracted

Family

formbook

Campaign

c1no

Decoy


Targets

    • Formbook

      Formbook is an information-stealing malware family.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks