General

  • Target

    e4be8ad4a01c3d5a4f9095d98184a15863ebb0c6ad8a23b1f6128ef045e8281f.zip

  • Size

    204KB

  • Sample

    201211-4jzhar6fqn

  • MD5

    7ef6c9b053ccc6c9d733330df8bcd5c8

  • SHA1

    1ea63f8beb33af95c0c92527676c997b473f0cea

  • SHA256

    0d07ec342e6af7f5e2b6c600a006cbf03483df901104e3480be6e9c00ed1de1b

  • SHA512

    54edcdb66724462dd5ac4b53c9b9e7de783c4d57822748690cbe795e68711c92fa2128ec13fd57cb2d4e14a7108f421d7c33b31b31d018920930fef722e4ffff

Malware Config

Extracted

Family

formbook

C2

http://www.beemptty.com/mx/

Decoy


Targets

    • Target

      e4be8ad4a01c3d5a4f9095d98184a15863ebb0c6ad8a23b1f6128ef045e8281f

    • Size

      267KB

    • MD5

      1e5a88fc919f1dde5ce8c69cac45dc94

    • SHA1

      fbbc3ee1afd262a4e02cb85a7efe9576b26edb44

    • SHA256

      e4be8ad4a01c3d5a4f9095d98184a15863ebb0c6ad8a23b1f6128ef045e8281f

    • SHA512

      39cab534fb0f016e0b5192494da67d0020d10df1e98aabe32a73ad6e2965776334070b0b1dd44f4ab773b9292b1209d24153695b21a17aa19d1603c8a6d55ebf

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook Payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks