General

  • Target

    Specification 5678.exe

  • Size

    783KB

  • Sample

    221103-p724wscfdj

  • MD5

    10a84bec0fb372b198ef40ca39f55bd8

  • SHA1

    3865a090d536a52b9e2625ca4eee5e3b346b74f0

  • SHA256

    c85a06161a28fcfcc80891d618c37d37b72e970be0be060fec72925424412044

  • SHA512

    fc4f3cb89b437a2e29b95c4b39c8dbc5a3cde31d6b73281d1080c4dc29788f56fe39580eb9498ac8b250fa81602bd4dcc1ea825978f3e06817f8b0ed6886522c

  • SSDEEP

    12288:jb7Vnri6k1mS35TcRi1fHlFKIBVKlAhQhngAKEogIYWkejwFGf:jRri6koS35rHbzMnngAKEogIreG

Malware Config

Extracted

  • Family

    formbook

  • Campaign

    nhg6

  • Decoy

    FSZGb3Of7ECMIOG9mh1ql/w=
    DAPP3Pm63eo+zg==
    khOZTuClxYsKQsZALgy3ob9TFAk=
    5uWol2f/RF3CAwFd
    P70LqPOi2iE9g4vpPH1Lk8E0K6tC
    KBRl7TSt3eo+zg==
    rqedJWUJXKkDbORa
    lpORtIg8lvMKbJ77PQW9kes=
    Qinv+gsohAIooqyTcfUYgZ/IVxQ=
    J0L2ggPAiE2gxm4=
    r/I6qOGI5noJCghf
    khJg6HKM6l9okVK+pg==
    HRMTK/6p3eo+zg==
    HqMiuv2JaKYJCghf
    +FzGYtsGTpK46OkKkh5C
    BBrOUpUY91R/r8gkPwrcuw==
    klWfn2smdNcqog581h6vX7px
    t8uvr7+R7IPaHSOH1hqvX7px
    bHdghkj64OjzY2hOLa/WObrRkkeJjQ==
    s3/smhoylh1J0mPS4aDHBDRyJw==

Targets

    • Target

      Specification 5678.exe

    • Formbook

      Formbook is an information-stealing malware family: it logs keystrokes, grabs data submitted in web forms, and harvests stored browser credentials and clipboard contents, then exfiltrates them to its command-and-control servers.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence so the sample can refuse to run in (or only run in) particular regions.

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
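Two of the signatures above are behavioural rather than static. As an added example (editor's code, not part of the sandbox report or of any Formbook analysis tooling), the following Python runs equivalents of "Checks computer location settings" and "Suspicious use of SetThreadContext" over a constructed API-call trace. The trace records, the use of a target_pid argument in place of a process/thread handle, and the assumption that "country code configured in the registry" refers to the GEOID stored at HKCU\Control Panel\International\Geo\Nation are all illustrative assumptions, not data from the report.

```python
"""Behavioural checks modelled on two signatures from the report above.

Added example, not code from the sandbox report or from Formbook analysis
tooling. It runs over a constructed API-call trace in the shape a sandbox
log might take (caller pid, API name, arguments). The trace, the use of a
target_pid argument in place of a process/thread handle, and the registry
paths below are the editor's assumptions for illustration.
"""
from dataclasses import dataclass


@dataclass
class Call:
    pid: int       # calling process
    api: str       # Win32 API name as logged
    args: dict     # selected arguments


# The report only says "country code configured in the registry". Windows
# stores the user's configured country as a GEOID in
# HKCU\Control Panel\International\Geo\Nation and locale/country names
# under HKCU\Control Panel\International; assumed here to be what is meant.
GEO_KEY_PREFIXES = (
    r"HKCU\Control Panel\International\Geo",
    r"HKCU\Control Panel\International",
)
GEO_VALUES = {"Nation", "LocaleName", "sCountry"}
REG_QUERY_APIS = {"RegQueryValueExW", "RegQueryValueExA", "RegGetValueW"}

CREATE_SUSPENDED = 0x00000004  # CreateProcess dwCreationFlags bit


def geofence_lookups(trace):
    """Return (pid, key\\value) for registry reads of the configured
    country or locale: the 'Checks computer location settings' behaviour."""
    hits = []
    for c in trace:
        if c.api not in REG_QUERY_APIS:
            continue
        key = c.args.get("key", "")
        value = c.args.get("value", "")
        if value in GEO_VALUES and any(
            key.lower().startswith(p.lower()) for p in GEO_KEY_PREFIXES
        ):
            hits.append((c.pid, key + "\\" + value))
    return hits


def hollowing_sequences(trace):
    """Return (source_pid, target_pid) pairs where a process created a
    suspended child, wrote into it, reset its thread context and resumed it.

    That chain (CREATE_SUSPENDED -> WriteProcessMemory -> SetThreadContext
    -> ResumeThread) is what makes SetThreadContext 'suspicious'. A process
    calling SetThreadContext on its own threads (debuggers, JITs, exception
    handling) is deliberately not reported, so the check does not fire on
    every use of the API.
    """
    stages = {}  # (src_pid, tgt_pid) -> set of stages reached so far
    hits = []
    for c in trace:
        tgt = c.args.get("target_pid")
        if tgt is None or tgt == c.pid:
            continue
        seen = stages.setdefault((c.pid, tgt), set())
        if c.api in ("CreateProcessW", "CreateProcessA") and \
                c.args.get("flags", 0) & CREATE_SUSPENDED:
            seen.add("suspended")
        elif c.api == "WriteProcessMemory" and "suspended" in seen:
            seen.add("written")
        elif c.api == "SetThreadContext" and "written" in seen:
            seen.add("context")
        elif c.api == "ResumeThread" and "context" in seen:
            if (c.pid, tgt) not in hits:
                hits.append((c.pid, tgt))
    return hits


# Constructed trace, not from the report: pid 1000 performs the geofence
# lookup and hollows a suspended child (pid 2000); pid 3000 touches only
# its own thread context and must not be flagged.
SAMPLE_TRACE = [
    Call(1000, "RegOpenKeyExW", {"key": r"HKCU\Control Panel\International\Geo"}),
    Call(1000, "RegQueryValueExW", {"key": r"HKCU\Control Panel\International\Geo",
                                    "value": "Nation"}),
    Call(1000, "CreateProcessW", {"image": r"C:\Windows\SysWOW64\svchost.exe",
                                  "flags": CREATE_SUSPENDED, "target_pid": 2000}),
    Call(1000, "WriteProcessMemory", {"target_pid": 2000, "size": 0x1F000}),
    Call(1000, "SetThreadContext", {"target_pid": 2000}),
    Call(1000, "ResumeThread", {"target_pid": 2000}),
    Call(3000, "GetThreadContext", {"target_pid": 3000}),
    Call(3000, "SetThreadContext", {"target_pid": 3000}),
]

if __name__ == "__main__":
    print("geofence lookups:", geofence_lookups(SAMPLE_TRACE))
    print("hollowing chains:", hollowing_sequences(SAMPLE_TRACE))
```

The injection check is ordered on purpose: a bare SetThreadContext, or one not preceded by a write into a suspended child of the same caller, is ignored, which is the distinction between a "suspicious" use and the routine ones a debugger or runtime makes.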

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic                 Technique                      Matches  ID
  Execution              Scheduled Task                 1        T1053
  Persistence            Scheduled Task                 1        T1053
  Privilege Escalation   Scheduled Task                 1        T1053
  Defense Evasion        Modify Registry                1        T1112
  Discovery              Query Registry                 2        T1012
  Discovery              System Information Discovery   3        T1082
