General

  • Target

    92BA0652393988836891f0c5d.eml

  • Size

    1.1MB

  • Sample

    221201-rtlk4agc92

  • MD5

    9204fd7cbff79bd09263ef0145801ab6

  • SHA1

    2bd8a61113009df867d43df048339ad9cc5ff4c9

  • SHA256

    867e3f33015a4401d2fe05d3f12be7bb7ba365e8916850a1c055844a178843aa

  • SHA512

    1ecc4c00fcf8939557fb1894d4e363dafd047551865c3c06df8caf79f2e307359df3cc915153f68d39ca704f8e0884911bc6e4379eaa736831e2274bad088e77

  • SSDEEP

    24576:yyL8FsH60PVqWNRsjtR14oULrLDwZ5QiczjyFFMT3WW4NeXv:VmQUWNRe14trLkZZcPyF0WWJ/

Malware Config

Extracted

Family

formbook

Campaign

qwlo

Decoy

HJicvGvi3ve8hBxVn3IeGdhLB01EnQ==

Kp8ox/HNepRaJ78yGH8S

siM+CGMhAxTwkoXbPLSE0JQD/RV5n5Y8

I1ErJkNb/zsN

LmAzPtnXaJGdQvkd

mxX5GuJUL4L04Q==

90oPN1wty/rDmCgZj7dliUGscIk=

7EKwYKA2EzsN

KmDNWMMaNG4uFtQBMqY0rxFOYw==

KlxekbSTGjMmCgZBan8=

bnc+UEe0zOw+F9syGH8S

veRUD740TGXqr0176YFPuKKo

GbCJkFzG8SmzchY/dwiYBgA09xZE3jbSXQ==

J6eczJ1jyyYq95M=

h7AX1FCw3muk/AZBan8=

q3knw/TldLg6vtrG+nRPuKKo

KYj0iLy4T6FyPQZBan8=

y+xN3UT90/HrqobsNGY=

V5iVtK4gNUyUGe/JSA==

QZ/gcLimSmlpNAZBan8=

Targets

    • Target

      nuevo pedido.docx.z

    • Size

      852KB

    • MD5

      99eabaf54c28eaf8bc9a910bd27d15bf

    • SHA1

      7dbad624f6ac9dd056cf7b4d7bdcb8c5c6309b4e

    • SHA256

      4b8ac2523efa7356d9f5638ac54a2ebe757f2ff439cbbfe5ca5326328dcc1510

    • SHA512

      8e296126b78d86fc74eaff309ab1e4fc3184d4f9839258c4e47bd7342d6796003ca52acbbc3d9c64c9c7de68be9b7451a8d0f8e6d65e1e3172d42cc3bc8d1792

    • SSDEEP

      24576:+Mp23FDeNJCy9q7BGLKtnoOhhxBGkISM65eqLv:BWD9zrhLn

    • Score

      3/10

    • Target

      nuevo pedido.docx.exe

    • Size

      1.0MB

    • MD5

      4f3ef54cc2a4028e954eb275760a8203

    • SHA1

      0705497325e8ed2e83792ac2c08b0ee7cbeecd72

    • SHA256

      77dc20ac123646040725522265e3144772f5bfc77b8aa7896fa33e6c601ff498

    • SHA512

      5c31cefcaf349799dbaa83da39c82b9688d0de055bda7f97ab47c8e0353b0f2c869a297391d0d1216c7b18b68eabc6938dfdb0f0fb593b01a76fb058f3672e1f

    • SSDEEP

      24576:wlOqaEByj4HVHONLZkjwf5uwGPnTiwAAgEEY4:w4kHclZMwBZ2TQp

    • Formbook

      Formbook is a data-stealing malware family.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks