Overview

overview

10

Static

static

BNK0002334...00.exe

windows7-x64

10

BNK0002334...00.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    BNK0002334269532_USD28,770.00.exe

  • Size

    900KB

  • Sample

    221205-j4eljaba98

  • MD5

    667551340b9e77fc82a5be94257ce556

  • SHA1

    27dd143cedfb2d80944655e1c312a4b36702a314

  • SHA256

    ff64e534905f55c5f3ab74344beb1020f062523cf34b2349763e026fa1dfb512

  • SHA512

    c93b3606f023246b1f58c7933dd366f7686f34fe4a1cc74a0bf0e9f2b7e87debf9b536a4bc4c8d0d106372e66493d76cc6492b7227ceab001ae0803174474d78

  • SSDEEP

    12288:+PJA6E+DuW73xgnCCk1uz/rQFg/sXU9tq4hf1gIJDhqje8cpt658pcyDdzoa1cfN:U7hgn/mWWeQqX2QtNnpQ5tyDdEPf

Score
10/10
formbookuxperatspywarestealertrojan

Malware Config

Extracted

Family

formbook

Campaign

uxpe

Decoy

a/CzoooH+7KLDxBh

pxq/4D9rqoY0CaqhS2ZJ3MoWxcQ=

54a97EJkYRruxKJBfg==

afibyRo7bSK3cepm9suqXQ==

2kIxy7hmdVItO11ceeC9

DsTkiAgZVGD7jykdq/ZFa8oWxcQ=

euyGFrS1t1r0xKJBfg==

ANUDttiRvXoVxcknM8L7cgli

vIWhu8Bb36VDR+udD2O2cn8=

CqdCYLyzwb5fWRlX5kY=

cis/39CB6vGMg5OqTrUoWvz177Fk

tl6GKyac14QX

HMzbyJUrUh3Ao80fOcr7cgli

7yKNGCGy57KLDxBh

hlormOKMBCD8uyrMw9QkUg==

3r/fZtwBUey8xw==

vlyJEwWudUHi2g==

214r37lXtmpLQWC0snrI5gjDdR0mPOKnDA==

YS1hgtPl0lz0xKJBfg==

3pa6XND7NgJ4Y3uxqO0nPnY=

Targets

    • Target

      BNK0002334269532_USD28,770.00.exe

    • Size

      900KB

    • MD5

      667551340b9e77fc82a5be94257ce556

    • SHA1

      27dd143cedfb2d80944655e1c312a4b36702a314

    • SHA256

      ff64e534905f55c5f3ab74344beb1020f062523cf34b2349763e026fa1dfb512

    • SHA512

      c93b3606f023246b1f58c7933dd366f7686f34fe4a1cc74a0bf0e9f2b7e87debf9b536a4bc4c8d0d106372e66493d76cc6492b7227ceab001ae0803174474d78

    • SSDEEP

      12288:+PJA6E+DuW73xgnCCk1uz/rQFg/sXU9tq4hf1gIJDhqje8cpt658pcyDdzoa1cfN:U7hgn/mWWeQqX2QtNnpQ5tyDdEPf

    Score
    10/10
    formbookuxperatspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks