Resubmissions

  • 29-09-2022 07:16

    220929-h3s7vsaae7 (score 10)

  • 19-09-2022 14:00

    220919-rbbm6sbhf6 (score 10)

General

  • Target

    Invoice_Tracking_657895995845HKFDHKLFDLKHDFKLFDKHLFDKL89634.cab

  • Size

    246KB

  • Sample

    220929-h3s7vsaae7

  • MD5

    fc32b80780eec72b3b2e6c14c7ce5fcd

  • SHA1

    afa537ca4939b9c8acf4c3bd05301cd957c6ace0

  • SHA256

    19c0c7bdad5e228179478b4b6c0c0bf282141f64023b15f9d08bb4e140592fbd

  • SHA512

    2c1f785f86149f02533c1c13199b51569d767128fece832cd8a5d69573bb9a45a76f5f50c7d99929d8048d6f9851f90069b2e78fea5ef5550fb935116af01ba1

  • SSDEEP

    6144:UFSheb3KpefnaMDCed9DdE2fC5E4OkOneIoI2Igm/eroT:UFeeDKpunacCIxdEcC+1zH

Malware Config

Extracted

Family

formbook

Campaign

f4ca

Decoy


Targets

    • Target

      Invoice_Tracking_657895995845HKFDHKLFDLKHDFKLFDKHLFDKL89634.cab

    • Size

      246KB

    • MD5

      fc32b80780eec72b3b2e6c14c7ce5fcd

    • SHA1

      afa537ca4939b9c8acf4c3bd05301cd957c6ace0

    • SHA256

      19c0c7bdad5e228179478b4b6c0c0bf282141f64023b15f9d08bb4e140592fbd

    • SHA512

      2c1f785f86149f02533c1c13199b51569d767128fece832cd8a5d69573bb9a45a76f5f50c7d99929d8048d6f9851f90069b2e78fea5ef5550fb935116af01ba1

    • SSDEEP

      6144:UFSheb3KpefnaMDCed9DdE2fC5E4OkOneIoI2Igm/eroT:UFeeDKpunacCIxdEcC+1zH

    Score: 1/10

    • Target

      Invoice_Tracking_657895995845HKFDHKLFDLKHDFKLFDKHLFDKL89634.exe

    • Size

      277KB

    • MD5

      adfbf0d0858c2ccf0c3070967f1c5a3e

    • SHA1

      e723c9f072504c3345f91829000ec7d96ac6661a

    • SHA256

      54d71b452ceceb7769f2ab610d157005849ec32aae5544acaa99d08f8d12cd95

    • SHA512

      7c08f20307f27a8f91fdf53efd1280b898e78fbc8382c4b3dd3fc3f7f75204e0c4fafb5e7bc97d53872d46fc3ab72851703c8f0d6e932c407d3b5e6e68f07749

    • SSDEEP

      6144:KAJjLwdO06a3KpeQnaMDCbd9D+E2fCos4OianeAsIJ/8kAG:KjO06IKpRnacCxx+EcCBnbX8kL

    • Formbook

      Formbook is an information-stealing malware family.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry (T1112), 1 occurrence

  • Credential Access

    Credentials in Files (T1081), 1 occurrence

  • Collection

    Data from Local System (T1005), 1 occurrence
