General

  • Target

    AJuHXs6fD8VCDet.exe

  • Size

    660KB

  • Sample

    221205-lhx7vsbc7z

  • MD5

    3e1293ee8cdb1b7383339fcc7d7a4cd0

  • SHA1

    fc9221071f9c049ee9e225c5ffe132d96691ef87

  • SHA256

    00898f3a97840deb064852654e9c86e6e250a0e638b51c6af8938aa086ca8e23

  • SHA512

    38b1f02e40ba5edeae02f863d8a9e630986ee6a2b6c0d62db4d4d12e1bcb15600820612fb55688aff6bc536b3864ca2bee65ff311aa0b77ac07aee137878a4d9

  • SSDEEP

    12288:HPuYd+V6b1momPZefwOEDdP3vbB773xhASwOy3iX7o93iB2OP7So+xeQcHawKPuI:HPuYd+V6bIomxi8pHbxfASwOyumyB2O2
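
To confirm that a file you have been handed is the sample described above, the following Python helper (an added example, not part of the sandbox report) computes the four cryptographic digests listed here in a single pass over the file and flags disagreement between them. The `REPORT_IOCS` values are copied from this page; `digest_file`, `match_iocs` and the constructed test bytes are names and data chosen for the example. SSDEEP is left out because fuzzy hashing needs a third-party library and is a similarity score rather than an exact match.

```python
import hashlib
import sys
from pathlib import Path
from typing import Dict, Iterable, Union

# Digests copied from the report for AJuHXs6fD8VCDet.exe (Formbook, campaign 2qgh).
REPORT_IOCS: Dict[str, str] = {
    "md5": "3e1293ee8cdb1b7383339fcc7d7a4cd0",
    "sha1": "fc9221071f9c049ee9e225c5ffe132d96691ef87",
    "sha256": "00898f3a97840deb064852654e9c86e6e250a0e638b51c6af8938aa086ca8e23",
    "sha512": (
        "38b1f02e40ba5edeae02f863d8a9e630986ee6a2b6c0d62db4d4d12e1bcb1560"
        "0820612fb55688aff6bc536b3864ca2bee65ff311aa0b77ac07aee137878a4d9"
    ),
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def _blocks(source: Union[str, Path, bytes, bytearray], chunk_size: int) -> Iterable[bytes]:
    """Yield the input in chunks so large droppers do not have to fit in memory."""
    if isinstance(source, (bytes, bytearray)):
        yield bytes(source)
        return
    with open(source, "rb") as fh:
        while True:
            block = fh.read(chunk_size)
            if not block:
                break
            yield block


def digest_file(source: Union[str, Path, bytes, bytearray], chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Return {algorithm: hexdigest} for a path or an in-memory byte string.

    All four hashers are fed from the same read loop, so the file is only
    read once regardless of how many digests the report lists.
    """
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    for block in _blocks(source, chunk_size):
        for h in hashers.values():
            h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_iocs(source, iocs: Dict[str, str] = REPORT_IOCS) -> Dict[str, bool]:
    """Compare the file against every digest the report lists.

    Returns one True/False per algorithm plus:
      match  - every listed digest matched (the file is the reported sample)
      agree  - all listed digests gave the same verdict; a False here means
               either the report carries a typo or someone is relying on an
               MD5/SHA1 match that the stronger digests do not confirm.
    """
    computed = digest_file(source)
    per_algo = {
        name: computed[name] == expected.lower()
        for name, expected in iocs.items()
        if name in computed
    }
    result = dict(per_algo)
    result["match"] = bool(per_algo) and all(per_algo.values())
    result["agree"] = len(set(per_algo.values())) <= 1
    return result


if __name__ == "__main__":
    # Usage: python check_sample.py <path-to-suspect-file>
    verdict = match_iocs(sys.argv[1])
    for key, value in verdict.items():
        print(f"{key:>8}: {value}")
```

Pivot on the SHA256 (or SHA512) column when sharing or searching for this sample; MD5 and SHA1 are listed by sandboxes for compatibility with older feeds, and a match on those alone should be treated as a lead, not a confirmation.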

Malware Config

Extracted

  • Family

    formbook

  • Campaign

    2qgh

  • Decoy (values shown as extracted from the sample's configuration; still encoded)

    7cUtkK451uW3IAE4/yY=
    r7cDdn3Mbv9AuOLyud/l
    VzVz5W7v/eHsJw==
    +gUH0Vq3gppOPUwFstbvBQ==
    LT02F9l1LM8fDyv7pu3lEg==
    IRvy0sU/9TJI4XXyud/l
    j2uvJzxRAzHv7gFT+TE=
    2z/CJFZUKKcMPw==
    WrXt6QWBJVNNh4iopu3lEg==
    cFvMK1DkuFOH6XDyud/l
    XbuL8S98LCJRoT0=
    ScMKAv1fM1gPNynvgzQxp4wjgQ==
    wg5XO8QJ/eHsJw==
    XwzcMbUJ/eHsJw==
    pINRMecMhdpdczc=
    GfpawLT109ImVyo=
    m6uQf5oY79fZCeS9
    MP9cvCAc8Hm6
    F0861AT+HRQSOg==
    fOEUByeNA4PBO4c5mAn5Eud1Xdw=

Targets

    • Target

      AJuHXs6fD8VCDet.exe

    • Size

      660KB

    • MD5

      3e1293ee8cdb1b7383339fcc7d7a4cd0

    • SHA1

      fc9221071f9c049ee9e225c5ffe132d96691ef87

    • SHA256

      00898f3a97840deb064852654e9c86e6e250a0e638b51c6af8938aa086ca8e23

    • SHA512

      38b1f02e40ba5edeae02f863d8a9e630986ee6a2b6c0d62db4d4d12e1bcb15600820612fb55688aff6bc536b3864ca2bee65ff311aa0b77ac07aee137878a4d9

    • SSDEEP

      12288:HPuYd+V6b1momPZefwOEDdP3vbB773xhASwOy3iX7o93iB2OP7So+xeQcHawKPuI:HPuYd+V6bIomxi8pHbxfASwOyumyB2O2

    • Formbook

      Formbook is an infostealer sold as a service on underground forums. It hooks browsers, mail clients and other applications to capture form submissions, keystrokes and clipboard contents, steals stored credentials, and can download and execute additional payloads on instruction from its C2.

    • Blocklisted process makes network request

    • Checks computer location settings

      Reads the country code configured in the registry (the Windows region setting), most likely to geofence execution by locale.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers routinely read browser profile stores from the user's profile directory, which hold saved logins, cookies, autofill data and history.

    • Suspicious use of SetThreadContext

      Rewriting the context of a suspended thread is the classic step of process hollowing and other thread-hijacking injection: the thread is resumed at attacker-chosen code inside another process.

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic              Technique                      Signatures  ID
  Defense Evasion     Modify Registry                1           T1112
  Credential Access   Credentials in Files           1           T1081
  Discovery           Query Registry                 1           T1012
  Discovery           System Information Discovery   2           T1082
  Collection          Data from Local System         1           T1005

  The IDs follow ATT&CK v6. T1081 was deprecated in later ATT&CK versions and is now T1552.001 (Unsecured Credentials: Credentials In Files); map it accordingly when correlating with current detection content.
