General

  • Target

    4e256d3d4ddbcc9c1d2cfa57034a0d52.bin

  • Size

    295KB

  • Sample

    221026-w6wn2sgef4

  • MD5

    4e256d3d4ddbcc9c1d2cfa57034a0d52

  • SHA1

    60ec184a1ab03af29341f093791e210202814f1c

  • SHA256

    5463db9a5e180df75642646615cfd6ff7598b9846718c2224f19c878ee01dc00

  • SHA512

    2e455bd66870778fc511515d3db4ae3b14d16374436cc4f6b70c182b42f2c70f977b9976194c1fb392f0ab28ebc4b7fd3ecec87fba279a541c6be396425fd79e

  • SSDEEP

    6144:uj5zFdfKy5i+xc+tR5VwWmKH0LYlA8yjXeIIzls3GEioll+8zE7ev:efKy5p9tBmKUL0uhIoGEiQltEi

Malware Config

Extracted

Family

formbook

Campaign

i65a

Decoy

r00zzvD9uoqMkFT8XDSqPg==

iSMQDJ3Tyuj8KXflBw==

Gq+tYoFrGU/5B4gGNnzHNg==

wEwcynSwpynZKUFhqyIK

bw3PbrjowhAVJA==

TggEt9LuwhAVJA==

r0UqC6sxgcWN7vc=

0m+fwBgf0oyehByUtx51BsBkuj8=

dhtdWWyIhRatp2dpv8tPcJoQ

jTAw4/4TCwcXjpECXDSqPg==

aglx4nPPkGp/raeivGVOfzdbFIu4

+qXr4cAGtQJm7Mf6

sU2Dc4ySSKZJc2/L32pFRrq+NgA0Yi8=

E6ohOo2zadVgzLIfaWALaik=

wXwu0yo/KbNm7Mf6

EcoyojCJYKg1laCuBK+exkNbFIu4

bhZgFvj6yP+R4F+0/5S/oFMpAA==

rzlylCB1NIMabG2dzGQd

+5ngCKjwwhAVJA==

AMUtZrYh+0LPL/QyfSo=

Targets

    • Target

      4e256d3d4ddbcc9c1d2cfa57034a0d52.bin

    • Size

      295KB

    • MD5

      4e256d3d4ddbcc9c1d2cfa57034a0d52

    • SHA1

      60ec184a1ab03af29341f093791e210202814f1c

    • SHA256

      5463db9a5e180df75642646615cfd6ff7598b9846718c2224f19c878ee01dc00

    • SHA512

      2e455bd66870778fc511515d3db4ae3b14d16374436cc4f6b70c182b42f2c70f977b9976194c1fb392f0ab28ebc4b7fd3ecec87fba279a541c6be396425fd79e

    • SSDEEP

      6144:uj5zFdfKy5i+xc+tR5VwWmKH0LYlA8yjXeIIzls3GEioll+8zE7ev:efKy5p9tBmKUL0uhIoGEiQltEi

    • Formbook

      Formbook is a data-stealing malware family (an infostealer).

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

Tactic              Technique                      Count  ID
Defense Evasion     Modify Registry                1      T1112
Credential Access   Credentials in Files           1      T1081
Discovery           System Information Discovery   1      T1082
Collection          Data from Local System         1      T1005

Tasks