General

  • Target

    lib64.exe

  • Size

    202KB

  • Sample

    221207-gbp6fsce41

  • MD5

    676380743dd23f61e18c1e044105168a

  • SHA1

    387fbee19170c2ddc8c4faa2b38131fe9b3259de

  • SHA256

    d8b2ccbb31253f78340e5a95ac72cb871e52338526817cc5db09107becaf7b36

  • SHA512

    685d3bf901993ddec9a786132f1f9e9b48c6d8697fdce67f26813b0e1d1b1b2419d37db35c43829578255b51d80877a243b395d2a4423eef4174b5168dfc8b14

  • SSDEEP

    6144:qxAVDI/PTDCC4vX7NYEpItOeDwh0UkezRpt:qxAVD6Pn0v+EaOeDo0yzRT
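The cryptographic hashes above are the indicators a responder actually pins a suspect file to. The following script is an added example, not part of the sandbox report: it hashes a file in chunks with every algorithm the report lists, compares the digests against the report's values case-insensitively, and flags a partial match (which should never happen for a genuine hit and usually means a typo in a copied IOC). The `path` argument and the constructed test input are assumptions; the indicator values are copied from the report.

```python
import hashlib
import tempfile
from pathlib import Path

# Indicators copied from the report above (lib64.exe).
REPORT_IOCS = {
    "md5": "676380743dd23f61e18c1e044105168a",
    "sha1": "387fbee19170c2ddc8c4faa2b38131fe9b3259de",
    "sha256": "d8b2ccbb31253f78340e5a95ac72cb871e52338526817cc5db09107becaf7b36",
    "sha512": "685d3bf901993ddec9a786132f1f9e9b48c6d8697fdce67f26813b0e1d1b1b24"
              "19d37db35c43829578255b51d80877a243b395d2a4423eef4174b5168dfc8b14",
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def _new_digests():
    return {name: hashlib.new(name) for name in ALGORITHMS}


def hash_bytes(data: bytes) -> dict:
    """Digest an in-memory buffer with every algorithm in ALGORITHMS."""
    digests = _new_digests()
    for d in digests.values():
        d.update(data)
    return {name: d.hexdigest() for name, d in digests.items()}


def hash_file(path, chunk_size: int = 1 << 20) -> dict:
    """Digest a file on disk in 1 MiB chunks so large binaries never
    have to be loaded into memory in full. `path` is an assumption."""
    digests = _new_digests()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for d in digests.values():
                d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def match_iocs(digests: dict, iocs: dict) -> dict:
    """Per-algorithm comparison; hex case varies between feeds, so normalise."""
    return {
        name: digests.get(name, "").lower() == value.lower()
        for name, value in iocs.items()
    }


def classify(digests: dict, iocs: dict) -> str:
    """'match' if every listed digest agrees, 'no-match' if none does, and
    'partial' otherwise (a mistyped IOC, not a real hit, is the usual cause)."""
    results = match_iocs(digests, iocs).values()
    if all(results):
        return "match"
    if any(results):
        return "partial"
    return "no-match"


if __name__ == "__main__":
    # Constructed stand-in for a suspect file; it will not match the report.
    with tempfile.TemporaryDirectory() as tmp:
        suspect = Path(tmp) / "lib64.exe"
        suspect.write_bytes(b"MZ" + b"\x00" * 1024)  # constructed, not the real sample
        digests = hash_file(suspect)
        for name, value in digests.items():
            print(f"{name:7} {value}")
        print("verdict:", classify(digests, REPORT_IOCS))
```

Run it against a quarantined copy of the suspect file instead of the constructed stand-in; a verdict of `match` on all four algorithms is what justifies treating the file as this sample.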

Malware Config

Extracted

Family

formbook

Campaign

s3f0

Decoy

zm/xqaOkp7SIM6I9k8cYYQ==

R3BJUiYhIJsD50TcNbbEexs=

r92WbDh7DjlsCftKuG56

UmoUBecGa6YL6A==

UQLQ4AmN+i0R

ATNkzEHBHyMM

BSHJi2n11k/Oq+6Mug==

+Z7elo1OY5UH6Q==

dZEf25y+5WLNqDGY9DI=

Zu6ipAkOo1QGo6fHrw==

iquKhUajLOlfLDduk8cYYQ==

6HcbD4jxPzcS

kCkEGSRmmQVzS1l7k8cYYQ==

kpV9fdfeZ3ZO/ozTsg==

Vea2yr7h+HTYxwHH9C8=

j7h4fHeMuGfayAHH9C8=

tcQ2/YKFQAFqYKxQfu09Rjl6FA==

RVYC2MYEERU2x8sXLiY=

dv+nDEaN+i0R

CbNkLJj8EFE0Hmn/LSeqpVhnTmJs

Targets

    • Target

      lib64.exe

    • Size

      202KB

    • Formbook

      Formbook is a commodity information stealer sold as malware-as-a-service. It harvests credentials from browsers and mail clients, logs keystrokes, grabs form data and clipboard contents, takes screenshots and exfiltrates to its C2. Its embedded configuration carries a list of encoded decoy domains alongside the real C2 to complicate analysis; those decoys are the values listed under Malware Config above.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofencing check so the sample can refuse to run in certain locales.

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 1

    System Information Discovery (T1082): 1