General

  • Target

    DHLAWB-5024310182_1212.exe

  • Size

    898KB

  • Sample

    221206-hs93made97

  • MD5

    1621170620ee606fe369567061032b7d

  • SHA1

    21c39b4591ee3c34475cc56447f32c7b9f55d806

  • SHA256

    314cf1d9477fd2d1c1d46503bc2aa48ad0ca137c31bff40d3c821cf3b4ca3bc4

  • SHA512

    085c355943b47afc508855afc853e46d36e6580d23f1c653b2677b965ff48f76fba4d980cba07342bdd39ffc46b150eb17e38d9ddbebe1938d57c55d72969b9d

  • SSDEEP

    12288:Wcj3JHu4nMiRR4C6slfvHDPli4H/eigJSx0MQjma3gKZ/nXt7virmWhlGLaQYIp:tjJHu4nMq4CBlfPD04kJSx76/

Malware Config

Extracted

Family

formbook

Campaign

d8ax

Decoy

wQDD4HkJc+vErnk=

j7vdn039QTY5Gcs43SDb8R4gwLgFCI7s

ZqPN0enMl4As

kKK00fOMq6KZmHv6kZjEiTm3l1o=

CxCTti/0Dcs5qly/AVHoTg==

5TwVtD3wcevErnk=

/ieoWNXMl4As

caK67QvHGhmiEuKpidX2RA==

Bbyy3J6D1Qw=

LV5N2gOocvpbA/OB/w==

k7k2OMNsBY67libDOi4=

wuDokhS1jLo4mA==

RVGz6anMl4As

la40BCHFwoI/rpugbdoaWQ==

XmVnfY0nNACG5si5u8Ds6F79xw==

dpyQTuytl0/bShsFIYUaHRzIL4quYwxgTA==

yvmesDDPpTSrLhf5GlvvdaCZekhAsg==

obTEXhervaSWkSbDOi4=

ClZogXcOT1DcPyvgOKJM

Drlokv/cjLo4mA==

Targets

    • Target

      DHLAWB-5024310182_1212.exe

    • Size

      898KB

    • MD5

      1621170620ee606fe369567061032b7d

    • SHA1

      21c39b4591ee3c34475cc56447f32c7b9f55d806

    • SHA256

      314cf1d9477fd2d1c1d46503bc2aa48ad0ca137c31bff40d3c821cf3b4ca3bc4

    • SHA512

      085c355943b47afc508855afc853e46d36e6580d23f1c653b2677b965ff48f76fba4d980cba07342bdd39ffc46b150eb17e38d9ddbebe1938d57c55d72969b9d

    • SSDEEP

      12288:Wcj3JHu4nMiRR4C6slfvHDPli4H/eigJSx0MQjma3gKZ/nXt7virmWhlGLaQYIp:tjJHu4nMq4CBlfPD04kJSx76/

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Execution

Command-Line Interface

1
T1059

Defense Evasion

Modify Registry

1
T1112

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Tasks