General

  • Target

    Test.eml

  • Size

    317KB

  • Sample

    221129-xaew4aed99

  • MD5

    7430d4bdf3fe887e2cae3ed66b0bad16

  • SHA1

    dd7c96c3753415cc3f84bbd16a980de4caa8370b

  • SHA256

    fc0b038b3931bb1d93280890148fb4d4260e8c70a55438109b9255fcd1422e33

  • SHA512

    f8f45dce3c86427e1c5edcd2e9525dbb344dafb824552ac13147de7059794db16eb336fc1d19ddf8704466ec0ebc61faabc4f6da282eeed1f71a352f7e213493

  • SSDEEP

    6144:5FveAFPO7UfRLLCqvu+d+JZlrhDNgdn3abmNYL1QSk8KTqJ48d0Zr8E9ayL:5FmUO7UZLhGd7hDqJaaI1Q4GZr8EL

Malware Config

Extracted

Family

formbook

Campaign

ermr

Decoy


Targets

    • Target

      504-2022-285E.rar

    • Size

      228KB

    • MD5

      1d3749d187e1ce3b0828e3ab00b904a2

    • SHA1

      f52aa5b84ded68a16ca404d59942c88b680dddcd

    • SHA256

      378754a4547eab6f34990fdb897df448c62e8c270afe46ffef38c556616acf0b

    • SHA512

      3c02caad7e09d139866c09a12ba420f8d3757e0a0f1b4f0022f97f4549731be0566bb55836129a6c7ecac3e208fd6a7bc22a5efcac371ba67d73071dd5c20b8f

    • SSDEEP

      6144:PUcVZ/anqIMuZLPO4l77g9W/BPHmVhsDeTqw:r/Yq+hvXg9Wkr5

    • Score

      3/10

    • Target

      504-2022-285E.exe

    • Size

      277KB

    • MD5

      3e77705d1c4d75670cdb6221d07a2562

    • SHA1

      a7c0b6609f1740d02270d7c6f1ee9851a26642c3

    • SHA256

      4ec38c8028003269f3576dba1c4776266a9a8c4d26eb91e2148b1bc1a9994a7c

    • SHA512

      0a4bed3e39f2d753a970336801121dac4891b4956e4c5b93069d407f15191dbcfac0219b399de2aeaa60af298ad4c1803aa9fc8902cdb6985f5e7e08c39e8e19

    • SSDEEP

      6144:vaZ+bfg9FKfw7Jmv+e4uZk7/wA0mBJSrMQNrEA:vaZqgFMv+e4uZlmrXQP

    • Formbook

      Formbook is a data-stealing malware family.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Discovery

  • System Information Discovery (T1082): 2

  • Query Registry (T1012): 1

Tasks