Overview

overview

10

Static

static

2022FHS0927.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2022FHS0927.exe

  • Size

    288KB

  • Sample

    221003-p1th6sgban

  • MD5

    3d474b52e155bf6899882733f23c07c7

  • SHA1

    faa8e7dafbd29de8562658e2b97fbafb481e2c6e

  • SHA256

    6725025d1d3161a6fc010098879ef9cda0dd40a08f59283affd2deb2d5ef7b4b

  • SHA512

    ebe25a70c00d71eaeea5193e015d4f60340ff46b4e59da799e2b4448411fa714ed7caf1fc9deeea3ffdd0a76a78fa7d1ecd472f8d4538cf4c5764b341d18064b

  • SSDEEP

    6144:cNvlCluYxaCm8Gq3W2m4iFndd0j0LMp/3kSB:NaujmNFndKj0Lck

Score
10/10
formbooki65aratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Campaign

i65a

Decoy

r00zzvD9uoqMkFT8XDSqPg==

iSMQDJ3Tyuj8KXflBw==

Gq+tYoFrGU/5B4gGNnzHNg==

wEwcynSwpynZKUFhqyIK

bw3PbrjowhAVJA==

TggEt9LuwhAVJA==

r0UqC6sxgcWN7vc=

0m+fwBgf0oyehByUtx51BsBkuj8=

dhtdWWyIhRatp2dpv8tPcJoQ

jTAw4/4TCwcXjpECXDSqPg==

aglx4nPPkGp/raeivGVOfzdbFIu4

+qXr4cAGtQJm7Mf6

sU2Dc4ySSKZJc2/L32pFRrq+NgA0Yi8=

E6ohOo2zadVgzLIfaWALaik=

wXwu0yo/KbNm7Mf6

EcoyojCJYKg1laCuBK+exkNbFIu4

bhZgFvj6yP+R4F+0/5S/oFMpAA==

rzlylCB1NIMabG2dzGQd

+5ngCKjwwhAVJA==

AMUtZrYh+0LPL/QyfSo=

Targets

    • Target

      2022FHS0927.exe

    • Size

      288KB

    • MD5

      3d474b52e155bf6899882733f23c07c7

    • SHA1

      faa8e7dafbd29de8562658e2b97fbafb481e2c6e

    • SHA256

      6725025d1d3161a6fc010098879ef9cda0dd40a08f59283affd2deb2d5ef7b4b

    • SHA512

      ebe25a70c00d71eaeea5193e015d4f60340ff46b4e59da799e2b4448411fa714ed7caf1fc9deeea3ffdd0a76a78fa7d1ecd472f8d4538cf4c5764b341d18064b

    • SSDEEP

      6144:cNvlCluYxaCm8Gq3W2m4iFndd0j0LMp/3kSB:NaujmNFndKj0Lck

    Score
    10/10
    formbooki65aratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1
T1059

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks