General

  • Target

    JaffaCakes118_dbf84e96986833b84a04c6940f2632bcd554523fbc8553bcdbda46d62846a17a

  • Size

    615KB

  • Sample

    241224-db4gaszmey

  • MD5

    2e9d84924a0b07f3f3dc75115b742991

  • SHA1

    5a8b5a5986570a0efe1a45fe95dc8cffa592186d

  • SHA256

    dbf84e96986833b84a04c6940f2632bcd554523fbc8553bcdbda46d62846a17a

  • SHA512

    14a8dd6a422d3aaca495d3a4cab179243b36a6b029ccfdfaa1c5f064e4be9c30e3d9a7bdc9fc4b5985f90324f9ed240bbc4b62655739237abc35488988ee7cac

  • SSDEEP

    12288:HxnUKcNGvHXZ+DyNDOCD7LAoD+lqp/7Cu/OI4bZh9YRrl5jHGHm:HxUK9HXZZJ9pD+lQTV/O9lOrnmHm

Malware Config

Extracted

Family

formbook

Campaign

henz

Decoy

IxWMb+jVsoinShuZJzk=

TPfKgQZ//oGnKr/J

EsK0WxD5kY65XOW1Td/5CxSUpCUytR7M

KebSmiCP9p8yUw==

HAt/ljkEuqMLHOLCi53Pv8MKX9qk

CY4ogZTwJc4vSw==

WWDIx5UYUDyepntE0YIAPca3/rI=

+Pkr01Lfb2rME7bL

S5nyK0p8jS2xdwQ=

W/oqvlO57LfkLcLHnQ==

zrrwtqkTLwxulm4l8FGopw==

AqucYext8bzFbOKthIm8E6gfVkUHxKY=

OfnjeDs78+RTcz4OHRl+

XKf1wwpZR5hLLjHgmUGOpQ==

JMyhSLoJPTCwn5o9zX2d8i1+

Wk54MBsDhWSVbnIRkQ==

7aaYR/tOhh9piTw5/KHSRwuK2iqgafw7pQ==

hH/EYxN+jC2xdwQ=

S0F4ORqDjS2xdwQ=

0o/UwXnuJ+sJp0cOHRl+

Targets

    • Target

      16346ed15b2d60e072d99cd110e29c8bef43483b9f8a5f9246123750bc0073d6

    • Size

      626KB

    • MD5

      031281aa0667cba260ddad6f77c89ccd

    • SHA1

      17b747e3e1de9296f862d522a9664046d2d3469e

    • SHA256

      16346ed15b2d60e072d99cd110e29c8bef43483b9f8a5f9246123750bc0073d6

    • SHA512

      f4715533c2f535964dc98f581887abc1a9daf68f913b9b316762ddf169b4209458fbeebed8173fca65c7d4732087bf0b0e4369fa440cebd45772d77559820ea2

    • SSDEEP

      12288:bItKcNGvH3x+D0NDO6D7zkoT+lqp/7Iu/O2ybZx9Y9rl7jjGHS:bItK9H3xbJZlT+lQTD/O3BArRCHS

    • Formbook

      Formbook is an information-stealing malware family that harvests credentials from browsers and mail clients, logs keystrokes, and captures clipboard and web-form data, exfiltrating it to an operator-controlled C2 hidden among decoy domains.

    • Formbook family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check to avoid running in certain regions.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    • Target

      mwfkiq.exe

    • Size

      925KB

    • MD5

      0adb9b817f1df7807576c2d7068dd931

    • SHA1

      4a1b94a9a5113106f40cd8ea724703734d15f118

    • SHA256

      98e4f904f7de1644e519d09371b8afcbbf40ff3bd56d76ce4df48479a4ab884b

    • SHA512

      883aa88f2dba4214bb534fbdaf69712127357a3d0f5666667525db3c1fa351598f067068dfc9e7c7a45fed4248d7dca729ba4f75764341e47048429f9ca8846a

    • SSDEEP

      24576:fYgAon+KfqNbXD2XJ2PH1ddATgs/u2kaCB+l:f37+KSbq5e1diEnHaCK

    Score
    3/10
    • Target

      vqclxetbtm.au3

    • Size

      9KB

    • MD5

      528e53c721e9a9ddd2b963098da47a1b

    • SHA1

      6e7b4d8a92b14ce4fbbe6eb4ca93b12dd120ae24

    • SHA256

      bcbef065142b2fffd5baa3ce19f0ca347451f2d75cfbea9e3e9cc323c678edd6

    • SHA512

      3c42df1b911768497f2822189ff999f229a904ced51a7e1c8355e73c1e30f4b8fc8ddcca584dccc9a6f482d0f48fb6dece54a73a95eec0c9506e25b5189e4d7c

    • SSDEEP

      192:v/32CwOpSO6oMZ7HTWmV/V/VMVISBV/V/V9JVp:HwzPoMZPpddU3dd9bp

    Score
    3/10
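The "Checks computer location settings" signature above means the sample reads the user's configured home location before deciding whether to run. The PowerShell below is an added example for reproducing that lookup in an analysis VM; it is not code from the report or from the malware. It assumes the check reads the Nation/GeoID value under HKCU\Control Panel\International\Geo (where Windows stores the per-user home location), and uses the built-in Get-WinHomeLocation / Set-WinHomeLocation cmdlets so an analyst can detonate the sample as if the machine were in a different country and compare behaviour. The GeoIDs used (244 United States, 94 Germany) are Microsoft's standard location identifiers; the sample path in the commented call is a placeholder.

```powershell
# Added example (not from the sandbox report): reproduce the "Checks computer
# location settings" lookup and show how to change what the sample sees.
# Assumption: the geofence reads the Nation (GeoID) value under
# HKCU\Control Panel\International\Geo, where Windows stores the user's
# home location.

function Get-GeofenceView {
    $geo  = Get-ItemProperty -Path 'HKCU:\Control Panel\International\Geo' -ErrorAction SilentlyContinue
    $intl = Get-ItemProperty -Path 'HKCU:\Control Panel\International'     -ErrorAction SilentlyContinue
    $loc  = Get-WinHomeLocation
    [pscustomobject]@{
        GeoNation  = $geo.Nation        # GeoID stored as a string, e.g. "244" for United States
        GeoName    = $geo.Name          # ISO 3166 two-letter code on newer Windows builds, e.g. "US"
        LocaleName = $intl.LocaleName   # e.g. "en-US"; a separate value the sample may also read
        HomeGeoId  = $loc.GeoId         # same GeoID as seen through the supported cmdlet
        HomeName   = $loc.HomeLocation  # human-readable country name
    }
}

# Detonation helper: switch the VM's home location to another region, run the
# action, and always restore the original value afterwards.
function Invoke-WithHomeLocation {
    param(
        [Parameter(Mandatory)][int]$GeoId,
        [Parameter(Mandatory)][scriptblock]$Action
    )
    $original = (Get-WinHomeLocation).GeoId
    try {
        Set-WinHomeLocation -GeoId $GeoId
        & $Action
    }
    finally {
        Set-WinHomeLocation -GeoId $original
    }
}

# Show what the geofence check would currently see on this machine.
Get-GeofenceView | Format-List

# Example: detonate while the machine reports Germany (GeoID 94) instead of the
# analyst's own region; if the payload stops running, the region is fenced.
# Invoke-WithHomeLocation -GeoId 94 -Action { Start-Process 'C:\detonate\sample.exe' }
```

Run the first function before detonation and record the output alongside the report; running the sample under two different GeoIDs (for example 244 and 94) and diffing the resulting process trees is the quickest way to confirm whether the registry lookup actually gates execution or is only collected as victim metadata. Note that registry reads are not recorded by Sysmon's registry events (those cover key and value writes), so this lookup will only show up in API-level sandbox traces, not in standard endpoint logs.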

MITRE ATT&CK Enterprise v15

Tasks