Overview

overview

10

Static

static

PI & PACKING LIST.exe

windows7-x64

10

PI & PACKING LIST.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    PI & PACKING LIST.exe

  • Size

    1006KB

  • Sample

    221130-a9na7agg3y

  • MD5

    36fbb21511e87e8dddc8916cc2dc9367

  • SHA1

    eda2fa3fe4b62fe3d564cf492cc31a875e8f1922

  • SHA256

    937c7c476bb363e55fdf1ff275c87de91ec0f550072e9a759387cc95e6c78c83

  • SHA512

    85aa4905d89f42acc75d9a31806d16a84ffca0bbd4aaf9b9605d98adc8ff66544616afd8705c9c5295a9153930f1be1d58c6556f9c244e1be163218c42336dc7

  • SSDEEP

    24576:s1uqqdOC2CIep1Vtcl6gIGVfeSvopbGCh9XV:sbqdO+IAInVnFCh9X

Score
10/10
formbookm5oeratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Campaign

m5oe

Decoy

HdR8hG6r12hBYuHY4zv6YeeFPQ==

tD1V9gswYvgQXEGd

1xKtJ1LdqRYMRMC84U1A

MbhjiWb7Lz8z7KIWl3UyUIJwA6Tb

joVB5Xggy2RtE+odsZg=

TrduAIay6Y3SvoIK20xI

pSna7LOsXXwXT/zz3Iow4g==

QnthmO4Qst5gC3sDoA==

eAirzOOgO7SOCenz3Iow4g==

xg0uSbfLTg==

YWQXwyGRzPEHzGrDFE8CBSE=

ujLnfuXoH9dbgHIK20xI

291v0XsGFrYQXEGd

MRvTd/qMuaHpjCM=

X131fLC6VWX4MsvCb2IPjIfq8wlksWfg

Y9Bur8DbgqFt/Yni86MMCCE=

q6RTBmJkmy5pWTmmCCrvmuCDPw==

mQS26DojT+EQXEGd

sjHQ+Kav2Wx9FeodsZg=

JA24UKnTA5re1LhcQaVo/w==

Targets

    • Target

      PI & PACKING LIST.exe

    • Size

      1006KB

    • MD5

      36fbb21511e87e8dddc8916cc2dc9367

    • SHA1

      eda2fa3fe4b62fe3d564cf492cc31a875e8f1922

    • SHA256

      937c7c476bb363e55fdf1ff275c87de91ec0f550072e9a759387cc95e6c78c83

    • SHA512

      85aa4905d89f42acc75d9a31806d16a84ffca0bbd4aaf9b9605d98adc8ff66544616afd8705c9c5295a9153930f1be1d58c6556f9c244e1be163218c42336dc7

    • SSDEEP

      24576:s1uqqdOC2CIep1Vtcl6gIGVfeSvopbGCh9XV:sbqdO+IAInVnFCh9X

    Score
    10/10
    formbookm5oeratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1
T1059

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks