General

  • Target

    90508db9aa3b3698eb08109217eb43b7.exe

  • Size

    1.0MB

  • Sample

    201210-8s8qaddvyn

  • MD5

    90508db9aa3b3698eb08109217eb43b7

  • SHA1

    f443522186cad995be2fce64a377bb1e01b49250

  • SHA256

    b28f4495e2cda5a5fef0408701a136d820c7cf2e7a45dd101e70b31458e31530

  • SHA512

    34f683a79d9bcef09a77dd2edf85015b540fd55cb2c709daa7363fa70518f30a6c99d48de7424ef551b8b13ce96dc6a472c319f1eddec2b4acaf2d0d8fb2f4aa

Malware Config

Extracted

Family

formbook

C2

http://www.switchtoambitwithmirtha.com/jskg/

Decoy

jajaten.com

pnorg.net

rccarquibogota.com

marcomarabiamea.com

theligue.com

mdearpet.com

barokahsrivillage.com

wisdomtoothguru.com

srteamsex.com

erotictoybox.com

278698.com

victimaccidents.com

bootyfashions.com

stomasto.site

canalysisconsulting.com

printandmail.legal

bestcureforbackpain.com

apanifitness.com

smartabletech.com

facialsteamerofficial.com

Targets

    • Target

      90508db9aa3b3698eb08109217eb43b7.exe

    • Size

      1.0MB

    • MD5

      90508db9aa3b3698eb08109217eb43b7

    • SHA1

      f443522186cad995be2fce64a377bb1e01b49250

    • SHA256

      b28f4495e2cda5a5fef0408701a136d820c7cf2e7a45dd101e70b31458e31530

    • SHA512

      34f683a79d9bcef09a77dd2edf85015b540fd55cb2c709daa7363fa70518f30a6c99d48de7424ef551b8b13ce96dc6a472c319f1eddec2b4acaf2d0d8fb2f4aa

    • Formbook

      Formbook is a data-stealing malware family.

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

Defense Evasion

  • Install Root Certificate (T1130): 1

  • Modify Registry (T1112): 1

Tasks