General

  • Target

    Payment Slip.exe

  • Size

    505KB

  • Sample

    210408-5fbybchvl6

  • MD5

    2ca388f576c09252531a51474cdf74ae

  • SHA1

    2d8f4f340bf642fc0f2565a20ed079cc669e18b3

  • SHA256

    4f450fcf02d7006fd4fbea8c2cad999397672d44864f1e8c504633ce53c3d53d

  • SHA512

    373f3f9690c9061922ea95ec24c86c87a586125949e1368268b018185be44db6cc273cec9e42821f857b733d9bbe6462e5b8ba37149f577597dcaa33f1f0e791

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.the-techs.info/chue/

Decoy

wowmovies.today

magentos6.com

bi-nav.com

atlantahawks.sucks

wluabjy.icu

kevableinsights.com

lavidaenaustralia.com

stonermadeapparel.net

sondein.com

cirquedusoleilartist.com

kanjitem.com

tomofalltrades.site

mecanico.guru

tech2020s.com

amesoneco.com

theawfulliar.com

californiaadugurus.com

rentalservicesolutions.com

fsxbhd.club

casino-seo.com

Targets

    • Target

      Payment Slip.exe

    • Size

      505KB

    • MD5

      2ca388f576c09252531a51474cdf74ae

    • SHA1

      2d8f4f340bf642fc0f2565a20ed079cc669e18b3

    • SHA256

      4f450fcf02d7006fd4fbea8c2cad999397672d44864f1e8c504633ce53c3d53d

    • SHA512

      373f3f9690c9061922ea95ec24c86c87a586125949e1368268b018185be44db6cc273cec9e42821f857b733d9bbe6462e5b8ba37149f577597dcaa33f1f0e791

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

    • Formbook Payload

    • Nirsoft

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Discovery

System Information Discovery

1
T1082

Tasks