General

  • Target

    ins.exe

  • Size

    311KB

  • Sample

    210114-l3nz1geqz2

  • MD5

    689ce116559e5aa27f5b8dcd91406e08

  • SHA1

    6092abe31afd20dfaa023bba7d9c0e1c000236b3

  • SHA256

    de6f5b39f4129ed442da26837a296a2b2e9573af841cc7fc41a5a72d4c673de7

  • SHA512

    d315d45328a6e9b4af40600637f720a8b6df640253284e7f6860333d98b57062bec4c8dc88b195264b398b3e6808bd85ab128e3e6b7c18e99f25e545945a2606

Malware Config

Extracted

  • Family

    formbook

  • C2

    http://www.nationshiphop.com/hko6/

  • Decoy


Targets

    • Target

      ins.exe

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook Payload

    • Deletes itself

    • Suspicious use of SetThreadContext
