General

  • Target

    Urgent Request For Quotation.exe

  • Size

    739KB

  • Sample

    221205-rszfkacd3v

  • MD5

    0cefb2a275a4d5ae0aff3578abf2859b

  • SHA1

    b84c05bfaaf6e98566479d6a990eaa79baf95b48

  • SHA256

    4b01d8e4729b07277f8f71037f9fbda1f8d817d9688850d941e7832727bb0276

  • SHA512

    e3ac56e26a9ef76d7a3e77e13656169b12a64bbd828c6a5041a1645277c4e20788f073ff240fe4b49608e766dbe615675998062f33f541194b9308c5be9d1958

  • SSDEEP

    12288:JudpNvgkg586aWHffM9/uiiiOMZmHykP+KifPcbIc9FUqUiwA65cP+PXc5+:CNvgB5O8fquDMZmp2FcbIoUcB
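Before starting analysis, confirm that the file you actually retrieved is the sample this report describes by recomputing its digests and comparing them with the values above. The script below is an added example, not part of the report or of the sandbox's tooling; it copies the four digests from the General section and reports every algorithm that disagrees, so a truncated download or a different build of the lure is caught before any conclusions are drawn. SSDEEP is a fuzzy hash that Python's hashlib does not implement; compute it with the ssdeep command-line tool or its Python binding and compare separately.

```python
"""Verify that a file on disk matches the digests listed in this report.

Added example, not part of the original report. The expected values are
copied from the General section above; the path is whatever the analyst
downloaded.
"""
import hashlib

# Digests copied verbatim from the report's General section.
REPORT_HASHES = {
    "md5": "0cefb2a275a4d5ae0aff3578abf2859b",
    "sha1": "b84c05bfaaf6e98566479d6a990eaa79baf95b48",
    "sha256": "4b01d8e4729b07277f8f71037f9fbda1f8d817d9688850d941e7832727bb0276",
    "sha512": "e3ac56e26a9ef76d7a3e77e13656169b12a64bbd828c6a5041a1645277c4e207"
              "88f073ff240fe4b49608e766dbe615675998062f33f541194b9308c5be9d1958",
}


def hashes_of(data: bytes) -> dict:
    """Return hex digests of `data` for every algorithm the report lists."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in REPORT_HASHES}


def verify(data: bytes, expected: dict) -> list:
    """Return the algorithms whose digest of `data` differs from `expected`.

    Comparison is case-insensitive because reports and feeds mix cases.
    An empty list means every listed digest matched.
    """
    actual = hashes_of(data)
    return sorted(algo for algo, want in expected.items()
                  if actual[algo] != want.lower())


def verify_file(path: str, expected: dict = REPORT_HASHES) -> list:
    """Hash a file in 1 MiB chunks (samples can be large) and compare."""
    digests = {algo: hashlib.new(algo) for algo in expected}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in digests.values():
                h.update(chunk)
    return sorted(algo for algo, want in expected.items()
                  if digests[algo].hexdigest() != want.lower())


if __name__ == "__main__":
    import sys
    bad = verify_file(sys.argv[1])
    print("sample matches report" if not bad
          else "MISMATCH on: " + ", ".join(bad))
```

Run it as `python verify_sample.py "Urgent Request For Quotation.exe"`; anything other than "sample matches report" means you are not looking at the file the report analysed.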

Malware Config

Extracted

Family

formbook

Campaign

snky

Decoy

AiMFvkl6+A4HEgZ99q5x4naN7lGmvJo=

tvj/KUTKeKgxszIemQ==

DTrTokBrjB5leF4=

tPeTOuIjJPtH

taxtMdIygEdpskxzOQ2ZjoAEeA==

CxLuaKAFRrJyuIqQUPbhZw==

Tn4fapT5kPmk1H0gpXQ=

h5p8hDqGSiRzdSbV

i3lg8tbRNRU6jC9pQSOxzHYZgpbnOKBx

EwbfBo6m+UXU2qaVUPbhZw==

WpeenFSMquJ3xXD1/b43

niV5qTFu3tfmcgrI

fqyyyElbdxWswJ7A

Lh7o92ZOr4ghbwvK

Y2RYMDue4x+KszIemQ==

lN3Y3z5AS85eah1MDvfFQQA=

uq+Oqh8MNRxHOOkqA9lqYEZZhJU=

FEtGDeGnnRoSQEM=

TkMlruotvsmtpFwg6shr03LjwMWGow==

7PGx8hNMep8EMj5Q39dsq16IbbaIrA==
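Formbook does not store its command-and-control host in the clear: the configuration holds an encrypted list of hosts, most of them decoys, and the key is derived from the sample itself, so the strings above are base64 of ciphertext rather than readable domains. The script below is an added triage step, not output of the report's extractor; it takes the twenty Decoy entries verbatim, decodes them strictly, records the ciphertext length of each, and checks that none is already printable text. That tells you whether a given entry still needs the sample's decryption routine before it can be turned into a blockable indicator.

```python
"""Triage the extracted Formbook 'Decoy' strings.

Added example, not part of the original report. The entries are copied
verbatim from the Malware Config section. Formbook keeps this list
encrypted, so base64 decoding alone is expected to yield ciphertext; this
confirms that and reports lengths so nothing is mistaken for a domain.
"""
import base64
import binascii

# Copied verbatim from the report's "Decoy" list.
DECOYS = [
    "AiMFvkl6+A4HEgZ99q5x4naN7lGmvJo=", "tvj/KUTKeKgxszIemQ==",
    "DTrTokBrjB5leF4=", "tPeTOuIjJPtH", "taxtMdIygEdpskxzOQ2ZjoAEeA==",
    "CxLuaKAFRrJyuIqQUPbhZw==", "Tn4fapT5kPmk1H0gpXQ=", "h5p8hDqGSiRzdSbV",
    "i3lg8tbRNRU6jC9pQSOxzHYZgpbnOKBx", "EwbfBo6m+UXU2qaVUPbhZw==",
    "WpeenFSMquJ3xXD1/b43", "niV5qTFu3tfmcgrI", "fqyyyElbdxWswJ7A",
    "Lh7o92ZOr4ghbwvK", "Y2RYMDue4x+KszIemQ==", "lN3Y3z5AS85eah1MDvfFQQA=",
    "uq+Oqh8MNRxHOOkqA9lqYEZZhJU=", "FEtGDeGnnRoSQEM=",
    "TkMlruotvsmtpFwg6shr03LjwMWGow==", "7PGx8hNMep8EMj5Q39dsq16IbbaIrA==",
]


def decode_entry(entry: str) -> bytes:
    """Strict base64 decode: reject stray characters instead of truncating."""
    try:
        return base64.b64decode(entry, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"not valid base64: {entry!r}") from exc


def looks_plaintext(blob: bytes) -> bool:
    """True only if every byte is printable ASCII, as a host or URL would be."""
    return bool(blob) and all(0x20 <= b < 0x7F for b in blob)


def triage(entries=DECOYS) -> list:
    """Return (entry, ciphertext_length, already_plaintext) for each decoy."""
    rows = []
    for entry in entries:
        blob = decode_entry(entry)
        rows.append((entry, len(blob), looks_plaintext(blob)))
    return rows


def plaintext_candidates(entries=DECOYS) -> list:
    """Entries that decode to readable text and can be used as IOCs as-is."""
    return [row[0] for row in triage(entries) if row[2]]


if __name__ == "__main__":
    for entry, length, readable in triage():
        print(f"{entry:36} {length:3d} bytes  {'PLAINTEXT' if readable else 'ciphertext'}")
    print("needs decryption:", len(DECOYS) - len(plaintext_candidates()), "of", len(DECOYS))
```

Expect the ciphertext column for nearly all entries; any row marked PLAINTEXT can go straight into a blocklist, the rest have to be recovered from the unpacked sample's string-decryption routine.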

Targets

    • Target

      Urgent Request For Quotation.exe

    • Size

      739KB

    • MD5

      0cefb2a275a4d5ae0aff3578abf2859b

    • SHA1

      b84c05bfaaf6e98566479d6a990eaa79baf95b48

    • SHA256

      4b01d8e4729b07277f8f71037f9fbda1f8d817d9688850d941e7832727bb0276

    • SHA512

      e3ac56e26a9ef76d7a3e77e13656169b12a64bbd828c6a5041a1645277c4e20788f073ff240fe4b49608e766dbe615675998062f33f541194b9308c5be9d1958

    • SSDEEP

      12288:JudpNvgkg586aWHffM9/uiiiOMZmHykP+KifPcbIc9FUqUiwA65cP+PXc5+:CNvgB5O8fquDMZmp2FcbIoUcB

    • Formbook

      Formbook is an information-stealing malware family sold as malware-as-a-service. It harvests saved credentials from browsers and mail clients, logs keystrokes, grabs web-form submissions and clipboard contents, and can take screenshots, then exfiltrates the data to a command-and-control server whose address is kept encrypted in the sample's configuration alongside decoy hosts.

    • Checks computer location settings

      Reads the country or region code stored in the registry. Malware commonly does this to geofence, that is, to refuse to run or to behave differently in particular countries.

    • Loads dropped DLL

      A DLL that the sample itself wrote to disk during the run was subsequently loaded.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites the register state of a (typically suspended) thread. Outside debuggers it has few legitimate uses, and it is the step in process hollowing and similar injection that redirects a thread into injected code.
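The two behavioural signatures above are sequence-based: a single SetThreadContext call or a single registry read proves nothing, but a suspended child that receives WriteProcessMemory and then SetThreadContext before ResumeThread is the classic process-hollowing chain, and a read of the user's GeoID key is how a geofence is implemented. The following is an added example, not the sandbox's own rule logic and not taken from the report. It runs that detection over a constructed API-call trace. The trace format (pid, API name, key=value arguments), the process names and the handles in it are invented for illustration; the registry path is the location Windows uses for the configured country (GeoID), and that this is what the report's signature keys on is an assumption.

```python
"""Flag the process-hollowing chain and a GeoID lookup in an API trace.

Added example, not from the report or the sandbox vendor. The trace format
and every line in TRACE are constructed; the registry path is the Windows
GeoID location, and treating it as the signature's trigger is an assumption.
"""
import re

CREATE_SUSPENDED = 0x4  # dwCreationFlags bit passed to CreateProcess

# Where Windows stores the user's configured country (GeoID). Assumption for
# this example: the "Checks computer location settings" signature keys on it.
GEO_KEY_RE = re.compile(r"control panel\\international\\geo", re.IGNORECASE)

# Constructed trace, one call per line: "<pid> <api> key=value ...".
TRACE = r"""
4012 RegOpenKeyExW key=HKCU\Control Panel\International\Geo
4012 RegQueryValueExW key=HKCU\Control Panel\International\Geo value=Nation
4012 CreateProcessW image=C:\Windows\SysWOW64\example_host.exe flags=0x4 pid=4188
4012 NtUnmapViewOfSection pid=4188
4012 VirtualAllocEx pid=4188 size=0x32000 protect=0x40
4012 WriteProcessMemory pid=4188 size=0x32000
4012 SetThreadContext pid=4188 tid=4192
4012 ResumeThread pid=4188 tid=4192
"""

ARG_RE = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")  # values may contain spaces


def parse(trace: str):
    """Yield (pid, api, args) per trace line; args is a dict of key=value."""
    for line in trace.strip().splitlines():
        parts = line.split(maxsplit=2)
        pid, api = int(parts[0]), parts[1]
        args = dict(ARG_RE.findall(parts[2])) if len(parts) > 2 else {}
        yield pid, api, args


def detect(trace: str) -> list:
    """Return human-readable findings for hollowing and geofence behaviour."""
    findings = []
    suspended = {}      # child pid -> image, for children created suspended
    written = set()     # suspended children that received WriteProcessMemory
    geo_reported = False
    for pid, api, a in parse(trace):
        target = int(a.get("pid", -1))
        if api.startswith("RegQueryValueEx") and GEO_KEY_RE.search(a.get("key", "")):
            if not geo_reported:  # report once per trace, not per read
                findings.append(f"pid {pid}: reads GeoID from {a['key']}\\"
                                f"{a.get('value', '')} (possible geofence)")
                geo_reported = True
        elif api.startswith("CreateProcess") and int(a.get("flags", "0"), 16) & CREATE_SUSPENDED:
            suspended[target] = a.get("image", "?")
        elif api == "WriteProcessMemory" and target in suspended:
            written.add(target)
        elif api == "SetThreadContext" and target in written:
            findings.append(f"pid {pid}: SetThreadContext on suspended child {target} "
                            f"({suspended[target]}) after WriteProcessMemory: "
                            f"process hollowing pattern")
    return findings


if __name__ == "__main__":
    for finding in detect(TRACE):
        print(finding)
```

The order check matters: SetThreadContext on a thread that was never written to (a debugger attaching, for instance) produces no finding, which is what keeps this from firing on every call to the API.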

MITRE ATT&CK Matrix ATT&CK v6

  • Defense Evasion

    Modify Registry (T1112): 1 signature

  • Discovery

    Query Registry (T1012): 1 signature

    System Information Discovery (T1082): 1 signature

Tasks