General

  • Target

    d7880403c1c456e3c7e4b047f64bcf35-sample.zip

  • Size

    328KB

  • Sample

    240229-zazbvacb56

  • MD5

    0a98b52418413675320d1552f7b23cc6

  • SHA1

    f7d926296154382bb9e03af2a7c30479a4be36d1

  • SHA256

    0ce0682abb75b00b32858e270246e168799e2618f671edd3da16680586fb306f

  • SHA512

    6d9cfb15a0e776ef6c7c991d3db7bd910effbc0761713410fba76613e84f6c7a17388847205071f19d6e79cd4d497f48debcc9065011b40d7f5fd1756c253cea

  • SSDEEP

    6144:ldIdUZB1dVMXukeGXvHwmhYLg566T+tTf65UKXaJKQBpQwxuJu6CLIsGhXK:wdUfp0hRXxLTuG5fKJZfKkLIsGA

Malware Config

Extracted

Family

formbook

Campaign

m5oe

Decoy

Targets

    • Target

      REQ-22-TM-0421.exe

    • Size

      339KB

    • MD5

      03c5bcabede556bfc4239b8b5cd82c96

    • SHA1

      f4adc8324ab83478fd1e8d276bde2fec5a37cdef

    • SHA256

      345c796d9c9e422f8d60c79b8979b9de8df2748c6c3e5b78ff3f44a99024b31b

    • SHA512

      5ea449eb53ff8cf669fcd6cffea586cc1a1d88b67fa70c0ff2f72a2e9e8c575edcb0073fa0608cd729e6c7d353480044b6d1cfd10f57089dfac45a7e1d467213

    • SSDEEP

      6144:9kwNabEIE9NpesIQroOyxdbt4v3AWP147fIYSp4CNuVszpRj6ZlXzQ4xypW:HIEPpC8SfbY/4kDVDpRjExyY

    • Formbook

      Formbook is a data-stealing malware family.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    • Target

      avzthbaywy.exe

    • Size

      289KB

    • MD5

      13c80abd753e9c38782524743504a0dd

    • SHA1

      709129996e9d1474f57ed77eb38794d82f9805c4

    • SHA256

      d718c0c41640eefcd910fd40f970e3e47a025352602bd8c0e53ab7baeaba1aa0

    • SHA512

      828830e4ac3c8757ae9d8602415570768903620912d8dcaac87207b9cf054e6ae5a14b2372451160776901a067079a853ef5606114848afee2b440f6279b662f

    • SSDEEP

      6144:54kPEeNtgeA+2OSlbnb1CsLR6Hp7Xu/0DHblcqD/L:54kPEeNtR2OSlbhV6Fu/0dc+L

    Score
    3/10

MITRE ATT&CK Matrix (ATT&CK v13)

Defense Evasion

  • Modify Registry (T1112), 1 match

Discovery

  • Query Registry (T1012), 1 match

  • System Information Discovery (T1082), 2 matches

Tasks