Resubmissions

23-09-2022 06:55    220923-hpzsgshdcm    10

23-09-2022 05:40    220923-gcv34ahbhj    10

General

  • Target

    SecuriteInfo.com.MSIL.Kryptik.AGMJ.tr.27252.exe

  • Size

    922KB

  • Sample

    220923-hpzsgshdcm

  • MD5

    2c3af67b622e7995777c91f9b64d37fa

  • SHA1

    d63b0f44eff73bbfa2949a47c503d3fa1ff2a224

  • SHA256

    db1446aa0758623a0dcebe15dd6742166f391ed938914b3e8339188b21513ebc

  • SHA512

    4949e4ebadf894e3304c317e0b664b64056c7107f967f311df968dd6b4d198f6b6a3bea2b69197f4cb27d7d7f173374756a5129cb15fdecb57d91f4c921412b4

  • SSDEEP

    12288:cd/yNU/TuF4sC0HuV/ldxf9eOBx0mLtOCyOeULosAj6yFiVC3nGv/Oj:wyOLuFEpV/nh9eM6fOeUU

Malware Config

Extracted

Family

formbook

Campaign

nhg6

Decoy


Targets

    • Formbook

      Formbook is an information-stealing malware family.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

  • Execution: Scheduled Task (1) T1053

  • Persistence: Scheduled Task (1) T1053

  • Privilege Escalation: Scheduled Task (1) T1053

  • Defense Evasion: Modify Registry (1) T1112

  • Credential Access: Credentials in Files (1) T1081

  • Discovery: Query Registry (1) T1012; System Information Discovery (2) T1082

  • Collection: Data from Local System (1) T1005
