General

  • Target

    NOW PO n08765456789093.exe

  • Size

    305KB

  • Sample

    200630-dn8ypt74te

  • MD5

    48403eec26a42d2e2d053de67df6e493

  • SHA1

    d0c2635d509aa173129179e8346dec0e16db1863

  • SHA256

    4ef912ba8f9cfbe827295f923edc2e3b11e0bb061070f1b75b3d5e1e59d1e8eb

  • SHA512

    865d9b0002cfff9d771a22710a1dc47e0e015ccf5946354ab554a9dc48b4ce0f802106703c59b76110d28af737b757fa68c654cd82da7389d0f952c6b15833b4

Malware Config

Targets

    • Formbook

      Formbook is a data-stealing (infostealer) malware family.

    • Adds Run entry to policy start application

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar profile information.

    • Adds Run entry to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence: Registry Run Keys / Startup Folder, T1060 (2)

  • Defense Evasion: Modify Registry, T1112 (4)

  • Credential Access: Credentials in Files, T1081 (1)

  • Collection: Data from Local System, T1005 (1)