Overview

overview

10

Static

static

fffggdd.exe

windows7-x64

10

fffggdd.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fffggdd.exe

  • Size

    782KB

  • Sample

    221128-rrkwsaed3w

  • MD5

    f20f55180ec2d3663e57a59c12b90888

  • SHA1

    f3b202975017b328605c703676d852d4248883b5

  • SHA256

    267c00aebd4e485e7ecb00f9708c1ae7b8d2a7bef84ba980d0783abe3fed4b6f

  • SHA512

    c1844a38aee0e3491f46f25b3acc28cd0999c11032ebed26b9c54c882a5154bd4387ded1c0ece8b404b739ca1591ebdc6d6531281bcb77b4c7045928b0d70c43

  • SSDEEP

    12288:9mHYsrAQMj7JP2cAmYOKe2ncjOQZgRDFHNFap4nruadYaeLw2Y:s4ZljB2tOUAOQZgZ1Hap4nya6RxY

Score
10/10
formbookmodiloadert3qwpersistenceratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Campaign

t3qw

Decoy

cmv2ztfryZrE+3A/E6XVJY/zH13snw==

znM2r24wvyjMBxCX

RH+7M2Ut6PYms2mB6ho=

ZlPRueq+YTIhbwootBU3h8T3H13snw==

cVz99xUsBqvFN6B45U9nio0=

BXU3DIrcdhs2gNyk+lCCIoY=

uzBaz3kYIIMfK6V0Mr9FnhdNPg==

8rOZ/v+7fprLI6NzR+6HJl7EH13snw==

Pr2Wev5P6jlqWCiehQ==

dbzaPc5eWb5zVCPsyrU/

IeLgUQI37HLkFgKO

4xt3Y4yVega6l2LuLk5aovIhhLU=

2QdkbxFB8tkDMkQEyqg1

X1OV8wH0+lwCBwvIciO7Ug==

lYIX+/YAFhbMBxCX

DoxOV/qIixyT+HME6yyvTw==

GAuVkyRmIgwqdeGgIVU3iY8=

VMPRWwSKoDLoqJJuQ3B8kZI=

SAy2t2O1YK0dvad741U3iY8=

OOLZqb+rGSobYw==

Targets

    • Target

      fffggdd.exe

    • Size

      782KB

    • MD5

      f20f55180ec2d3663e57a59c12b90888

    • SHA1

      f3b202975017b328605c703676d852d4248883b5

    • SHA256

      267c00aebd4e485e7ecb00f9708c1ae7b8d2a7bef84ba980d0783abe3fed4b6f

    • SHA512

      c1844a38aee0e3491f46f25b3acc28cd0999c11032ebed26b9c54c882a5154bd4387ded1c0ece8b404b739ca1591ebdc6d6531281bcb77b4c7045928b0d70c43

    • SSDEEP

      12288:9mHYsrAQMj7JP2cAmYOKe2ncjOQZgRDFHNFap4nruadYaeLw2Y:s4ZljB2tOUAOQZgZ1Hap4nya6RxY

    Score
    10/10
    modiloadertrojanformbookt3qwpersistenceratspywarestealer

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • ModiLoader Second Stage

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks