General

  • Target

    hbuIgEcnzT30Uma.exe

  • Size

    828KB

  • Sample

    221206-tdcdlafa4s

  • MD5

    0e3d9093a78c09e35a878781b8324dce

  • SHA1

    8edccec93f1f626b72794d41308dc019d79c361b

  • SHA256

    a4392c3be6ba337f370c0b2170bf46c6c65f0054304f355d40b0b7fffec718e4

  • SHA512

    cecdd4049457492d7c564d3180e9ad791f574291fb19575fdbc5ef1bac382492c99a215c2dd1a9ce5dbc1c1c90ed7bc3033988536b56d8198f45deddd7d6923b

  • SSDEEP

    12288:JYCcinkg586aWHffUlllYUJ1Q0ydOML09Vjc4eEWBd9njk/:WCZnB5O8fUlQoyVWWVJ+

Malware Config

Extracted

Family

formbook

Campaign

bmr1

Decoy

Targets

    • Formbook

      Formbook is a data-stealing malware family.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry (1): T1112

  • Discovery

    Query Registry (1): T1012

    System Information Discovery (1): T1082

Tasks