General

  • Target

    srbgxywv96tp5kc.exe

  • Size

    661KB

  • Sample

    221205-mh1hnaah36

  • MD5

    bc24bbabc84243feeaf0eb15d93ff488

  • SHA1

    d3a2c9d7d4c3178875b52f095f4283404fdc348d

  • SHA256

    e752c4ee3b2c0db6221f94f88acc85bb622b3c9dfd94614dd432d4785ad84cf3

  • SHA512

    0f3f2603af9368587fb6f30bb763e0cb2291ac4e651cd1a5d44fb17407d056a1fe90a7fce17e1032862d355a3768620ccb3951e83659b92c0fb8202d65a29d0e

  • SSDEEP

    12288:kPuYd+V6b1momPZefvB3bEZgN33pnxbB8Csck4U2E+z3SoVOdEIib9uaFskvQPuI:kPuYd+V6bIomxivNwZKnRsR8/CoMEBb4
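To check whether a file you are holding is the sample this report describes, compare all of the listed digests rather than the MD5 alone; a single strong hash mismatch is decisive even when a weaker one agrees. The script below is an added example and is not part of the sandbox report; it embeds the MD5, SHA1, SHA256 and SHA512 values from the General section above (SSDEEP is omitted because it needs a third-party library) and exits non-zero unless every hash matches.

```python
"""Verify a local file against the hashes listed in this report.

Usage: python check_iocs.py <path-to-sample>
"""
import hashlib
import sys

# Hashes copied from the report above for srbgxywv96tp5kc.exe.
REPORT_IOCS = {
    "md5": "bc24bbabc84243feeaf0eb15d93ff488",
    "sha1": "d3a2c9d7d4c3178875b52f095f4283404fdc348d",
    "sha256": "e752c4ee3b2c0db6221f94f88acc85bb622b3c9dfd94614dd432d4785ad84cf3",
    "sha512": "0f3f2603af9368587fb6f30bb763e0cb2291ac4e651cd1a5d44fb17407d056a1"
              "fe90a7fce17e1032862d355a3768620ccb3951e83659b92c0fb8202d65a29d0e",
}


def digest_bytes(data: bytes) -> dict:
    """Hex digests of an in-memory buffer for every algorithm in REPORT_IOCS."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_IOCS}


def digest_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Hash a file in one streaming pass so large samples need not fit in memory."""
    hashers = {name: hashlib.new(name) for name in REPORT_IOCS}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_iocs(digests: dict, iocs: dict = REPORT_IOCS) -> dict:
    """Per-algorithm comparison against the report (case-insensitive hex)."""
    return {name: digests.get(name, "").lower() == expected.lower()
            for name, expected in iocs.items()}


def is_report_sample(digests: dict, iocs: dict = REPORT_IOCS) -> bool:
    """True only when every listed hash matches.

    A partial match (for example MD5 agrees but SHA256 does not) means either a
    transcription error in the IOC list or a deliberately colliding file; either
    way the file should not be treated as this sample.
    """
    return all(match_iocs(digests, iocs).values())


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit(__doc__)
    result = digest_file(sys.argv[1])
    for name, ok in match_iocs(result).items():
        print(f"{name:6s} {result[name]}  {'MATCH' if ok else 'no match'}")
    sys.exit(0 if is_report_sample(result) else 1)
```

The per-algorithm breakdown is printed deliberately: when only one digest disagrees you want to see which one, because that tells you whether the IOC list was copied wrong or the file really is a different object.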

Malware Config

Extracted

Family

formbook

Campaign

fqwu

Decoy (entries are shown encoded, as emitted by the config extractor; they are not plaintext hostnames)

N6XHavFRXQTRmNUkF9dn

EoaWTgFMmLFmUJ7CJNkTiGoj5A==

Dm+WNJDwSQa5cML3Q7EBiGoj5A==

nixR8ZCkOWjqrASBuic=

yvWQNApkdf4QYIih4+xUDY0=

RtmBQtDYDb50g8btXA==

8SU541y9Ec12NYK8PSOfA8OPpaphimY=

/yEvxvlAkquuY3W1QQ==

AlHZgYW4BiI9V+M=

YsHIUsAOO15j+9TnWA==

JJu1S7QIIMij0xUqlUtv

CmWBLrD98YnyUCCFvy0=

uPwhAVEvtu1rTuY=

PI6bR88GVGXmRlpxpKjtBpo=

GnL7qs9HVQAiF6ckF9dn

2zVeBFKZgO1rTuY=

2VI1VpOg7boCAFxvrWN3ys9rovE=

L1lO62zA2o1QEEZRQtgh7g==

brhF5dY1e3zmSyCFvy0=

U6m2TsEidTTdsA5kX8wh7g==

Targets

    • Target

      srbgxywv96tp5kc.exe

    • Size

      661KB

    • Formbook

Formbook is a commodity information stealer: it harvests credentials and form data from browsers and other applications, logs keystrokes and clipboard contents, and can capture screenshots.

    • Checks computer location settings

Looks up the country code configured in the registry, likely for geofencing (refusing to run in certain locales).

    • Loads dropped DLL

    • Suspicious use of SetThreadContext (commonly seen in process hollowing and other thread-hijacking injection)

MITRE ATT&CK Matrix (ATT&CK v6)

Tactic             Technique                      ID      Count
Defense Evasion    Modify Registry                T1112   1
Discovery          Query Registry                 T1012   1
Discovery          System Information Discovery   T1082   1

Tasks