Overview

overview

10

Static

static

8FhATvUfjFK2TVk.exe

windows7-x64

10

8FhATvUfjFK2TVk.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8FhATvUfjFK2TVk.exe

  • Size

    1023KB

  • Sample

    221214-kyrjkscd7y

  • MD5

    f3c2d4bc303d1f6772946ae4a6a34567

  • SHA1

    6efc673da18f9761db345a033b24c21bc210a84d

  • SHA256

    90a5faee22076b0369872bafae0c6f194f4d2a92ec0047427edc06590ee64f36

  • SHA512

    5849bc1c6a1dd00a3e0130e09d4d4db869c29b05ebf2d1a677c9fc7fc589996c6b75ec3985534455bd2635df18903bb80035a6d363b4d3a11c461199c8bb2ff8

  • SSDEEP

    24576:FGTgVIYba8qhRvCPkNyFnhTWWWxGfS4G3r5/oOi3bJhxVsWy:FGT6Iz8qhRvCPkQFZWx

Score
10/10
formbook2qghratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Campaign

2qgh

Decoy

7cUtkK451uW3IAE4/yY=

r7cDdn3Mbv9AuOLyud/l

VzVz5W7v/eHsJw==

+gUH0Vq3gppOPUwFstbvBQ==

LT02F9l1LM8fDyv7pu3lEg==

IRvy0sU/9TJI4XXyud/l

j2uvJzxRAzHv7gFT+TE=

2z/CJFZUKKcMPw==

WrXt6QWBJVNNh4iopu3lEg==

cFvMK1DkuFOH6XDyud/l

XbuL8S98LCJRoT0=

ScMKAv1fM1gPNynvgzQxp4wjgQ==

wg5XO8QJ/eHsJw==

XwzcMbUJ/eHsJw==

pINRMecMhdpdczc=

GfpawLT109ImVyo=

m6uQf5oY79fZCeS9

MP9cvCAc8Hm6

F0861AT+HRQSOg==

fOEUByeNA4PBO4c5mAn5Eud1Xdw=

Targets

    • Target

      8FhATvUfjFK2TVk.exe

    • Size

      1023KB

    • MD5

      f3c2d4bc303d1f6772946ae4a6a34567

    • SHA1

      6efc673da18f9761db345a033b24c21bc210a84d

    • SHA256

      90a5faee22076b0369872bafae0c6f194f4d2a92ec0047427edc06590ee64f36

    • SHA512

      5849bc1c6a1dd00a3e0130e09d4d4db869c29b05ebf2d1a677c9fc7fc589996c6b75ec3985534455bd2635df18903bb80035a6d363b4d3a11c461199c8bb2ff8

    • SSDEEP

      24576:FGTgVIYba8qhRvCPkNyFnhTWWWxGfS4G3r5/oOi3bJhxVsWy:FGT6Iz8qhRvCPkQFZWx

    Score
    10/10
    formbook2qghratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1
T1059

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

3
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks