General

  • Target

    in.exe

  • Size

    232KB

  • Sample

    210113-q29w3n6cne

  • MD5

    cc35be28c18578d43849919ac1025d5a

  • SHA1

    60bcb41d5ef76af919c769fab88f53c6a623a83b

  • SHA256

    0c9d116a854e274534015e3e8e8349687c0c17b01653723642aeee53aa39bfac

  • SHA512

    489abbc5a24d8dae03998387b246bc51459fcb4135aab480cc1f8a6bb509343529bf13a99fe299eff13f1e5be4af36c1058c16ae79a0afe1eda92e971938e7f1

Malware Config

Extracted

Family

formbook

C2

http://www.besthandstool.icu/uds2/

Decoy

Targets

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook Payload

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks