Overview

overview

10

Static

static

DOC2022091...08.exe

windows7-x64

10

DOC2022091...08.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    DOC20220913-567890987655608.exe

  • Size

    495KB

  • Sample

    220924-rmkefsbdb8

  • MD5

    24cfcc6d2aad113f2cf5e56e6ad439f8

  • SHA1

    a2ab91dee9e7671c57678469643e3b2463ec38a6

  • SHA256

    c02ba72751bcd08440effe6f60db6c75d43c337f510f4b73f3fe70261b9d31c9

  • SHA512

    76008b53103b3bb12af4fb68e6b01ce7abe9e8ed2d0be1ba27df42b9fbbc3e126447d7a8f71636983eefedf4fe30e8ee68692ad80e2756a11b0ae60bd8758206

  • SSDEEP

    12288:MHBumaHX7OghxLM6O975yWddnhJuKL0pKk:suzOALFO995dM

Score
10/10
formbookc1noratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Campaign

c1no

Decoy

SKHcqi+am5xGsHiCoXnH

BObxRpdRlNT5GCo3Eg8azNIQ

GPkN2SZ9gJOYqn4iaNIH6d1MRlk=

ZrdQ6Q4zd05LBFWPDc8=

KYQZEtvg85sq1t9jd7kazNIQ

KWu2/CZdnIFgf0p8

YlJ9mWmf+XkCjxzXSw==

nPeaENkZPzjWSh5DJiBVhlrTSx9V

GfUN8rKft59DsH2CoXnH

5ThnVCgjBm96jxzXSw==

pfb0D48Mk38v

uK6V0h16ziJXZuQ3NR8asKzT2Q==

QaxeYCJXoHFvKesgBSozIyC6bkTR8rbF

QT12wt/a0nsdrbY/oSGKqcq2wQ==

vfuiENwZZrvruTm5lHDF

iNsQyVnb3NHbtXyCoXnH

9jjn4jP8RyrjBYwNPvtfPg==

Wz1uwtUpdbrpwZXZq5HpXV7TSx9V

e9+RDvTx9HSZej/7PvtfPg==

oAeNwswNS6QgtnOdmcc=

Targets

    • Target

      DOC20220913-567890987655608.exe

    • Size

      495KB

    • MD5

      24cfcc6d2aad113f2cf5e56e6ad439f8

    • SHA1

      a2ab91dee9e7671c57678469643e3b2463ec38a6

    • SHA256

      c02ba72751bcd08440effe6f60db6c75d43c337f510f4b73f3fe70261b9d31c9

    • SHA512

      76008b53103b3bb12af4fb68e6b01ce7abe9e8ed2d0be1ba27df42b9fbbc3e126447d7a8f71636983eefedf4fe30e8ee68692ad80e2756a11b0ae60bd8758206

    • SSDEEP

      12288:MHBumaHX7OghxLM6O975yWddnhJuKL0pKk:suzOALFO995dM

    Score
    10/10
    formbookc1noratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks