General

  • Target: SecuriteInfo.com.Win64.PWSX-gen.18962.7585.exe
  • Size: 446KB
  • Sample: 221205-pz7peabc78
  • MD5: 26810d567e2c0bdcba316e23db1e94fe
  • SHA1: 85b7121630abf4ce123cb9356af84919b4131a5e
  • SHA256: 268b4b1d198ff77105bd88629138c10e89449a0c405af87e00bbdb039643acb0
  • SHA512: 5ffa18334b5e59231a141f91e6d8ad2e946d1e06694a99ed26e8b259fef8a87eefdf84783c9b5572cb53b8110b86e37f8d221c467233310c149b9ed78b156ae4
  • SSDEEP: 12288:EGEaxyIEHBzQE3u9AavxuAA39anZYuo7t:3WBOAuxA9aZYuc

Malware Config

Extracted

Family: formbook

Campaign: t5ez

Decoy


Targets

    • Target: SecuriteInfo.com.Win64.PWSX-gen.18962.7585.exe (hashes as listed under General above)

    • Formbook

      Formbook is an information-stealing malware family.

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

Tactic: Defense Evasion
Technique: Modify Registry (T1112)
Count: 1

Tasks