General

  • Target: a47c9823ccdf9e53c683ea1cc9b68caf.exe
  • Size: 636KB
  • Sample: 210420-vym4zkd7ke
  • MD5: a47c9823ccdf9e53c683ea1cc9b68caf
  • SHA1: 59b28ad9022478f383b3244ba254d30a3355258d
  • SHA256: a87d0fe01c64e340eb6cb2aa36e4d27dcc5002b85573b0e9933e709e4e388621
  • SHA512: 9c04637631f58023f123cb2c58eb736b1047bf2c494e70c9c3e4f6395d63898d9cae0281f050b044f21f52ab3eeab9f40b7a1aad9c6621054d833faba3295aa8

Malware Config

Extracted

Family: formbook
Version: 4.1
C2: http://www.contactodirectoseguros.com/x0h/
Decoy:

Targets

    • Formbook: Formbook is data-stealing malware.
    • Formbook Payload
    • Suspicious use of SetThreadContext