General

  • Target

    b.exe

  • Size

    3.3MB

  • Sample

    210113-8jl1vgnttn

  • MD5

    30cb872994e8a0a4a635b06bfbe38006

  • SHA1

    02e502ef79ea251f04fa9e02dd1d7639e59c7ddc

  • SHA256

    d0b62e121a89ba8e44b4b71a887dd80df1e4fc746dabc200854622e9ed1fa8cb

  • SHA512

    57bc48f7c2e77d28f13cd52dadeaa24a50a8eafb0316c2b7894e49cbe17fb16f14efe4f7b7568ef3ae40c7e6ec0a07862ec9bd91541be477795f7c113a4816d1

Malware Config

Extracted

Family

formbook

C2

http://www.registeredagentfirm.com/jqc/

Decoy

strahlenschutz.digital

soterppe.com

wlw-hnlt.com

topheadlinetowitness-today.info

droriginals.com

baculatechie.online

definity.finance

weddingmustgoon.com

ludisenofloral.com

kenniscourtureconsignments.com

dl888.net

singledynamics.com

internetmarkaching.com

solidconstruct.site

ip-freight.com

11sxsx.com

incomecontent.com

the343radio.com

kimberlygoedhart.net

dgdoughnuts.net

Targets

    • Target

      b.exe

    • Size

      3.3MB

    • MD5

      30cb872994e8a0a4a635b06bfbe38006

    • SHA1

      02e502ef79ea251f04fa9e02dd1d7639e59c7ddc

    • SHA256

      d0b62e121a89ba8e44b4b71a887dd80df1e4fc746dabc200854622e9ed1fa8cb

    • SHA512

      57bc48f7c2e77d28f13cd52dadeaa24a50a8eafb0316c2b7894e49cbe17fb16f14efe4f7b7568ef3ae40c7e6ec0a07862ec9bd91541be477795f7c113a4816d1

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

    • Formbook Payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks