General

  • Target: PMP-INS-93-2436-IN-1017.exe
  • Size: 265KB
  • Sample: 221014-p7p5bsdeb4
  • MD5: a0a1f5ff78c714b094a5fb386e02a7a3
  • SHA1: 10fd01e713a5b96d19fd636e646f231bdb059bf1
  • SHA256: 187fda2b830429934ff2d59c014f05098bfb323d639be258f075efa4309f5c0f
  • SHA512: 6db4734f3b1f13f4ad87dd3b604a8c6b37698e7b788604d53fd42a3cf0af9155c96f54ce5d2651ba2f905a385eddf0c57284bda0078bba4ad5f71adde9e05fe2
  • SSDEEP: 6144:xNeZBEmUT5ohIP1DT1SDLiXoina7ZnkOnIhB:xN+BI5yWHOiXlKkHB

Malware Config (extracted)

  • Family: formbook
  • Campaign: fkku
  • Decoy (encoded decoy domain strings as extracted from the sample's configuration):
    ItLUfbYmkw6ODl8lnvwkR/8=
    oUKMUSjydqzVWxG/CqjK3ngAhQ==
    HB9lfRtFwT/XlJ9Lxw==
    hBYXuorq7a3WwPq1NSezCMStlQ==
    ciRqfQbLgwx/+e2rLqTZ8oMLc2LYY4o=
    9vb76Nc8JzKlj4YEQyPAx2dx86U=
    fB9041xJgwl1
    ND8juoNyH6x5XqlZ2Q==
    QEaot04y8XLjFOBp1Cg=
    SG6vmdmmpmFmDosczg==
    WWCorUT756r1F+aD3cd7Cij6nSFQ
    Yl63zVL2NnFph44XcKkiP/k=
    s2RfFNOd3fuBEJNZ2ig=
    u1p6Ucr2uCketwGD
    0vD8lFkSfRCHEJdebbrb
    qzlqgxrsrDRmDosczg==
    H5aTYXc2rHXjzQ==
    S/pFbexYx0S+Ex7SN5rC
    9kOIkRTWkA136nA2Ua/R
    ojOElJ50E1N40ZNanCbEZw==

Targets

  • Target: PMP-INS-93-2436-IN-1017.exe
  • Size: 265KB
  • MD5: a0a1f5ff78c714b094a5fb386e02a7a3
  • SHA1: 10fd01e713a5b96d19fd636e646f231bdb059bf1
  • SHA256: 187fda2b830429934ff2d59c014f05098bfb323d639be258f075efa4309f5c0f
  • SHA512: 6db4734f3b1f13f4ad87dd3b604a8c6b37698e7b788604d53fd42a3cf0af9155c96f54ce5d2651ba2f905a385eddf0c57284bda0078bba4ad5f71adde9e05fe2
  • SSDEEP: 6144:xNeZBEmUT5ohIP1DT1SDLiXoina7ZnkOnIhB:xN+BI5yWHOiXlKkHB

  Signatures

  • Formbook
    Formbook is a data-stealing malware family.
  • Executes dropped EXE
  • Checks computer location settings
    Looks up the country code configured in the registry, likely a geofence check.
  • Loads dropped DLL
  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution
    Command-Line Interface (T1059): 1
  • Defense Evasion
    Modify Registry (T1112): 1
  • Discovery
    Query Registry (T1012): 2
    System Information Discovery (T1082): 4

Tasks