Overview

overview

10

Static

static

BNK0002334...00.exe

windows7-x64

10

BNK0002334...00.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    BNK0002334789532_USD28,770.00.exe

  • Size

    637KB

  • Sample

    221203-17x1qaec5y

  • MD5

    d7efd600d714d6d2f6b7fadc6adec0c9

  • SHA1

    ba35f96a741637af1d1319074396f1bf891f13e1

  • SHA256

    fe199e437de02d997427dfea4e864f386e12887c5ae16d2acc465417cd539521

  • SHA512

    f4e1558763fb4527ca464c7a7f8a533e4fa0d4725e97c956b83acd2ef503a056930526c6e1eeb28263d9e6bbc820be2fc110548e0ef8cd28dc003cfccfda8f18

  • SSDEEP

    12288:90zcBpbKbfzdHP/FvT9mzyK8DzVlCxlASlDAMTQu1c66XZp+:9hbbKnlJRKyKUBExjjcp

Score
10/10
formbookuxperatspywarestealertrojan

Malware Config

Extracted

Family

formbook

Campaign

uxpe

Decoy

a/CzoooH+7KLDxBh

pxq/4D9rqoY0CaqhS2ZJ3MoWxcQ=

54a97EJkYRruxKJBfg==

afibyRo7bSK3cepm9suqXQ==

2kIxy7hmdVItO11ceeC9

DsTkiAgZVGD7jykdq/ZFa8oWxcQ=

euyGFrS1t1r0xKJBfg==

ANUDttiRvXoVxcknM8L7cgli

vIWhu8Bb36VDR+udD2O2cn8=

CqdCYLyzwb5fWRlX5kY=

cis/39CB6vGMg5OqTrUoWvz177Fk

tl6GKyac14QX

HMzbyJUrUh3Ao80fOcr7cgli

7yKNGCGy57KLDxBh

hlormOKMBCD8uyrMw9QkUg==

3r/fZtwBUey8xw==

vlyJEwWudUHi2g==

214r37lXtmpLQWC0snrI5gjDdR0mPOKnDA==

YS1hgtPl0lz0xKJBfg==

3pa6XND7NgJ4Y3uxqO0nPnY=

Targets

    • Target

      BNK0002334789532_USD28,770.00.exe

    • Size

      637KB

    • MD5

      d7efd600d714d6d2f6b7fadc6adec0c9

    • SHA1

      ba35f96a741637af1d1319074396f1bf891f13e1

    • SHA256

      fe199e437de02d997427dfea4e864f386e12887c5ae16d2acc465417cd539521

    • SHA512

      f4e1558763fb4527ca464c7a7f8a533e4fa0d4725e97c956b83acd2ef503a056930526c6e1eeb28263d9e6bbc820be2fc110548e0ef8cd28dc003cfccfda8f18

    • SSDEEP

      12288:90zcBpbKbfzdHP/FvT9mzyK8DzVlCxlASlDAMTQu1c66XZp+:9hbbKnlJRKyKUBExjjcp

    Score
    10/10
    formbookuxperatspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Credentials in Files

1
T1081

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks