Overview

overview

10

Static

static

Nov SOA 2022.exe

windows7-x64

10

Nov SOA 2022.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Nov SOA 2022.exe

  • Size

    613KB

  • Sample

    221115-w1fqmsba7t

  • MD5

    184e673227622ce88710a66d010aefed

  • SHA1

    cad11b3ca935aaefaeab3f59f407b4cc030d9e21

  • SHA256

    345cb40f4372dc796b5f7ee68e9f6d19a6c046db457704d800eacb717e6fddd9

  • SHA512

    6aa3a2048dbdd0dfe85af46dbb4cc464a8f54486dcb08acf53f6f1e547cef0d1f459a2ab93cdce1142022df813d36f32a888f5e84074b3177c5e517eb54f3ba4

  • SSDEEP

    12288:J8F2oSGnyz/ftNHWaRfDobiiZUFU0EbqB0RNFngXiJ/Gfk34vyC1Q07kyLL1XXMQ:iGGnyzXtBTfDobdZEUL2alDJ/GcViRon

Score
10/10
formbookn2hmratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Campaign

n2hm

Decoy

XCeG4IxNKbAl

YzJWbnC+El84nA==

KAJcdmP8yEcO5LXPCFF42Wfb

I+J+xYO95GJQWVU=

GtgxPPv3FmQmhw==

Og9NYF4xEl+j7vGTR93xvg==

506Cg07bsT0G6yK+A96H0h35V+JLkwI=

wAYXFN+pSFIXgQ==

ijzLI/f+FmQmhw==

UfT2PweNm+w8

GQWVw5aZnfF/kS5e

30BKYjua9zcA7gAwsPUngLnjyrBNEgo=

AM65OrmyFmQmhw==

VSlTVxISZ4J/kS5e

GGKj6K33SRh6e0/YzT5nQGlK5CXRqw==

B9H98cUUfX+AWOqiTA==

MxVffWOIoVnM37zrd2sTaOY=

z6bxCgG/mGhR7oDzQA==

pQgSLSRi6AK3M/PdArpX

6rRRsYuSnXx/kS5e

Targets

    • Target

      Nov SOA 2022.exe

    • Size

      613KB

    • MD5

      184e673227622ce88710a66d010aefed

    • SHA1

      cad11b3ca935aaefaeab3f59f407b4cc030d9e21

    • SHA256

      345cb40f4372dc796b5f7ee68e9f6d19a6c046db457704d800eacb717e6fddd9

    • SHA512

      6aa3a2048dbdd0dfe85af46dbb4cc464a8f54486dcb08acf53f6f1e547cef0d1f459a2ab93cdce1142022df813d36f32a888f5e84074b3177c5e517eb54f3ba4

    • SSDEEP

      12288:J8F2oSGnyz/ftNHWaRfDobiiZUFU0EbqB0RNFngXiJ/Gfk34vyC1Q07kyLL1XXMQ:iGGnyzXtBTfDobdZEUL2alDJ/GcViRon

    Score
    10/10
    formbookn2hmratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks