Resubmissions

27-12-2022 00:11

221227-ag2ccahc2s 10

27-12-2022 00:08

221227-ae336ahb9x 10

General

  • Target

    5100952549 (1).zip

  • Size

    649KB

  • Sample

    221227-ae336ahb9x

  • MD5

    fc904df9b8b0c0f71e165d1f9a594678

  • SHA1

    a96809f191136217f403d8cc0f3450d937d73bd7

  • SHA256

    5b53c0d56a78ef68dcee01e6912d34bec98a9ce1c188536fa6e10a6eba5fc340

  • SHA512

    0d55374a2486721e5e8a5801e9fbfef066288643e3ec12e371d287098d5e435adb2c8b607a8f5a3cb3bc43c292c7ac680e75a45a7c0b79af0dd2f96a9d981186

  • SSDEEP

    12288:jVGAsi86QWuZtFKtZbMw8DzpQPxpnxBt7EavJ5IDrv4pHpG4QYWEFsGni:JJsxjJQtZbD8D1YpnDUDrwlWi7i

Malware Config

Extracted

Family

formbook

Campaign

n2hm

Decoy

XCeG4IxNKbAl

YzJWbnC+El84nA==

KAJcdmP8yEcO5LXPCFF42Wfb

I+J+xYO95GJQWVU=

GtgxPPv3FmQmhw==

Og9NYF4xEl+j7vGTR93xvg==

506Cg07bsT0G6yK+A96H0h35V+JLkwI=

wAYXFN+pSFIXgQ==

ijzLI/f+FmQmhw==

UfT2PweNm+w8

GQWVw5aZnfF/kS5e

30BKYjua9zcA7gAwsPUngLnjyrBNEgo=

AM65OrmyFmQmhw==

VSlTVxISZ4J/kS5e

GGKj6K33SRh6e0/YzT5nQGlK5CXRqw==

B9H98cUUfX+AWOqiTA==

MxVffWOIoVnM37zrd2sTaOY=

z6bxCgG/mGhR7oDzQA==

pQgSLSRi6AK3M/PdArpX

6rRRsYuSnXx/kS5e

Targets

    • Target

      5100952549

    • Size

      876KB

    • MD5

      c32da4c9874da9bcb408f97dc8dc1e64

    • SHA1

      798dbd26fd9f4073e1130ad84f065e22b3bdb3c5

    • SHA256

      e55222db4cd5a2a35266b2dfc36cd36f69abdb566d9f8863136ba618415e9940

    • SHA512

      3433551af28ad6e37b8573370c9ccf926e7ff782b382bff6705d0b7aa936c81b9e5c038391afcc77032eeb55531fc05736a35e70682de6792d3671ae89f0b5ca

    • SSDEEP

      12288:/JoQgKZ/nXt7virmWhlGLaQYI2ke/NBur3OCpt/ehINBuy05AUN/O57f+fNOQa5w:/6TNcrXvaIN7Hb57f+F1aMt

    • Formbook

      Formbook is a data-stealing malware family.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

Defense Evasion

  • Modify Registry (T1112): 1

Discovery

  • Query Registry (T1012): 1

  • System Information Discovery (T1082): 1

Tasks