General

  • Size: 844KB

  • Sample: 220923-hamjlshcgm

  • MD5: ab4f11300b28fca30e7b1febe92fe21e

  • SHA1: d436f88bb93be78b99c06db844611ffc217c214f

  • SHA256: 649e67dfa9829d849ab0e2e5dd9c40702dbb89cf5a8a02ad111c5f2df79c411f

  • SHA512: 28e0a4754d23fa1b5be34170aaa78812d3ef0794aa1e1082ff848075198856455df7ddf4e0742bc4d23093012cd352ba1eb0fd43bbd7f8ee79bf9b39ac7b7b13

Malware Config

Extracted

  • Family: formbook

  • Campaign: c1no

Decoy


Targets

    • Target: DOC20220919-56789098765560890.exe

    • Formbook

      Formbook is a data-stealing malware family.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation