General

  • Target

    RQ948594.7z

  • Size

    222KB

  • Sample

    210419-61f2zvdnps

  • MD5

    eabbff01a266f118ef06865079ebbcba

  • SHA1

    4f1db8d63534b8d5d6c3d1f1a8b76fe6d006298a

  • SHA256

    ba4e4e4cb7e4141ffc7f58cf29a69524ba86c44daae525680d95ecb42135fbb3

  • SHA512

    7441b7a2704baedaf4e27c858435de5da5f8abff4f3c317c5ae88c8e36bc63bcff659e7306c6c3c9067c57969a02836330582f9ca33674768106e536a6d822aa

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.lorewe.ltd/gby/

Decoy

ubuntuhorizons.com

prohajek.com

onesky45.com

dztsjp.com

katarhukuk.com

nawanaconcept.com

sdsglebal.net

toxnewadmrykaa.com

a2zlables.com

linusandco.com

unshakeablemeproductions.com

dongfanghong.bet

0755mf.com

nhatviet.xyz

natieand.com

clases-online.com

anelacafe.com

mundodosvestidos.com

aug32.com

godrejmahalungehillside.com

Targets

    • Target

      RQ948594.exe

    • Size

      602KB

    • MD5

      d350b00b989d0854c56fb660ecbea848

    • SHA1

      ee23def09c2b0dee9d9c442f8a0b5d9da423494f

    • SHA256

      98cab82db03aed20b3620d28466a63e2923e9b00a63cb76ac41727f1abd3813b

    • SHA512

      876cd05054d068caf91707649fa9687b5089ae63ca43f3023e7fe34075d4117df2539359485f3f7cd7fec2869515b24635d4b3602b28e3e57e5d1d8de81835b4

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

    • Formbook Payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks