General

  • Target: DOC2022092856789098765560890.exe
  • Size: 463KB
  • Sample: 220928-m3d56affe6
  • MD5: 9fc5136c71809ca5116aa57f4ffc2f41
  • SHA1: ab592ed0edb886b9fb1cd2e8b90ef59b3f8d3d93
  • SHA256: 5f3d522c2e8fb5fa25bee03bdd61f8b957935e4209849358d41f49c39fe82ddc
  • SHA512: 2f4fc6cc58d14750e3220c2dfa49ac1587cc95e1386051e96b1b667f0b9715a90d581e85e33b8e99ecd8f7a8c0415844e1760d8ef592c2c00dee48d668c2f6ac
  • SSDEEP: 6144:YbVNADxpXBOX/zDQbJlEwqgvw3kV1IPZIOPnjhda+:eNAvxOX/mJlzV1nOPnFd

Malware Config (Extracted)

  • Family: formbook
  • Campaign: c1no
  • Decoy: 20 encoded decoy entries


Targets

    • Formbook: Formbook is an information-stealing malware family (infostealer).
    • Blocklisted process makes network request
    • Loads dropped DLL
    • Reads user/profile data of web browsers: infostealers often target stored browser data, which can include saved credentials and other sensitive information.
    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion: Modify Registry (T1112), count 1
  • Credential Access: Credentials in Files (T1081), count 1
  • Discovery: System Information Discovery (T1082), count 1
  • Collection: Data from Local System (T1005), count 1

Tasks