Overview

overview

10

Static

static

Oferta_DGE...00.exe

windows7-x64

10

Oferta_DGE...00.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Oferta_DGERRJGHJFDFJ60302000000000000000000000000000.exe

  • Size

    559KB

  • Sample

    220928-r88zyagca7

  • MD5

    6de757042d9f2e530d7fb649625ef961

  • SHA1

    88f6612dae4ad693f57dbe2b86000781e3e16087

  • SHA256

    8b9d203307ae4697cbecd2064aeadc745c280d25d849db7d379a8d50376fde0c

  • SHA512

    302746e6dc2515d4b4a40c8be3ad101206304d84b26f6166704bbc06fddad41a57130d4ec92dbcafc68c23e4f6afff9d38b6dfbb8f5d3f9cf149d6b52968d347

  • SSDEEP

    12288:HToPWBv/cpGrU3yxlfmoU5V2INX6ZaK5zuF:HTbBv5rUsfmoWV2i655aF

Score
10/10
formbookf4caratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Campaign

f4ca

Decoy

QYZ6iE9Y+CsiZpCBareS0uU=

N2FQLAaH6xXE

Vc6t0MQXN+Llxsqg

ElBedmSvYGGm6yLDhHqzAtmlCxWl

4VpIWShqHR5cpjfQ4bs=

mepO9miu/iFiQQ==

Z8Owqh54IlwEpDfQ4bs=

qcq4uT5HecWZG3EVwKTiUE7slrGQGiyo

IaYYoJikKDDqgV/NigZCLA==

4Xz5pfoCCW/76NnOUrFEOw==

xiijSkVJ3Yuh9OKDcmui/d2lCxWl

cr8MmfpCEu0ULsO3p6w=

JLm2yKHo7hdVb8O3p6w=

Hriy5svWm2Qfq9mPQib9jJI65gOr

2G3nkRpidunlxsqg

gPHUAeXmi8Q9ARy3

6l5WaOf8BxhQDkp5gKQ=

KHHiXs4WOqXZdPhpaw==

+UQ5Vz5O0Ms9ARy3

pNQygKu0OziAvjOHRGLnJA==

Targets

    • Target

      Oferta_DGERRJGHJFDFJ60302000000000000000000000000000.exe

    • Size

      559KB

    • MD5

      6de757042d9f2e530d7fb649625ef961

    • SHA1

      88f6612dae4ad693f57dbe2b86000781e3e16087

    • SHA256

      8b9d203307ae4697cbecd2064aeadc745c280d25d849db7d379a8d50376fde0c

    • SHA512

      302746e6dc2515d4b4a40c8be3ad101206304d84b26f6166704bbc06fddad41a57130d4ec92dbcafc68c23e4f6afff9d38b6dfbb8f5d3f9cf149d6b52968d347

    • SSDEEP

      12288:HToPWBv/cpGrU3yxlfmoU5V2INX6ZaK5zuF:HTbBv5rUsfmoWV2i655aF

    Score
    10/10
    formbookf4caratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1
T1059

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

3
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks