General

  • Target

    DHL SHIPPING DOCUMENT AWB _111832457673,pdf.exe

  • Size

    293KB

  • Sample

    220926-r9cywsccfm

  • MD5

    dc02a7a8463574e482a040f393235189

  • SHA1

    4e288a9ad489d746ea935db9c6fc64184b93ea6a

  • SHA256

    91843e0ba089a90b4da071b53300a6aac7e88f432de027ce32cdbeb4a89ab4ab

  • SHA512

    863b10e9f167a8f42715d8162ef7d1a40826d29d15c58346b95d0960162a013110562db188640525076bc92802e974510ebb5cf4bc3734cfaabb43fbd3247b66

  • SSDEEP

    6144:DoDHUviTB7Ia4Lkqc4YVis/KfI3avCGx:aOiTsxc4vs/KI3avJx

Malware Config (Extracted)

  • Family

    formbook

  • Campaign

    nrln

  • Decoy

    IG7zJSm49UqTTuu/N/oTCIg=
    CVLdAPgw0CRSMuZnRRU=
    PiA5Z3umP2NyX81VGQhjWyS59nFYhXiG
    5i6p4GeQqtBgNRfGNQ==
    5984keYswxh8mGZHz4ipAHtQ
    VNJaK4Gh0CrOvHpW/p353A==
    71rEtrL2icToyKGhcWrTxjsFU5T98zeO
    r3q1sy1iZaL+2XIUAob7yw==
    9+83Qkrk/vV/jVXsDvoTCIg=
    aMFAgYF1prov8/UErH/Y1A==
    Alqtx/0rxwEbCLdudftl
    ImCbnglBSUHF0mv2tTSP40bPeYao
    s4DFNvAJ4GIJ+g==
    phOa6mtS8QQICuZnRRU=
    7TSu5vqRtB45EZtf4WDSTBHPeYao
    ImPWqwUUIVWMQLyMbUab7tmspvNCcT8=
    HF7jKjbGox2SAffTPw==
    yAM3mOQot5l+cD0ikR5MGp8=
    UYzW0/8z70JcQenVLidu1kLPeYao
    OoCznp5UWz+hT9OBFXbfVhXPeYao

Targets

    • Formbook

      Formbook is a data-stealing (infostealer) malware family.

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile information.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry: T1112 (1)

  • Credential Access

    Credentials in Files: T1081 (1)

  • Discovery

    System Information Discovery: T1082 (1)

  • Collection

    Data from Local System: T1005 (1)

Tasks