Resubmissions

28-11-2022 15:30

221128-sxr3qahd4x 10

28-11-2022 11:05

221128-m68tyadf2t 10

General

  • Target

    Purchase Order No. 4502717956.exe

  • Size

    636KB

  • Sample

    221128-m68tyadf2t

  • MD5

    f0d59737a03d771cef9ac6fee3d09943

  • SHA1

    d517eab4a14ce87a8d0a551ca3d046145e739dd5

  • SHA256

    d1dd1f80a7b08c0b8ee7c3067df3d35dadc6af79b02761ccf70dfcaa53f76cd7

  • SHA512

    318b662f312298d5eb8dd6345ad6c96c58bb8fc818268091646d049414e7df96585eaccbd06220beb635725ca25c15f3b4ab7dae06a354054410cdbeb8beed53

  • SSDEEP

    12288:YTczpbKbfu90F4t72M6/nFo0B+aFo7keY528R+:YgFbKie2x4/kZ7kr

Malware Config

Extracted

Family

formbook

Campaign

snky

Decoy

Targets

    • Target

      Purchase Order No. 4502717956.exe

    • Formbook

      Formbook is a data-stealing malware family.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks