General

  • Target

    Passport_ID_jpg.exe

  • Size

    657KB

  • Sample

    210421-vf71brk17s

  • MD5

    6b095bd38143e9308e9ffca16b2a5bff

  • SHA1

    0fdd73e4020f6c1e5a3482659bae46bd5d47d8e2

  • SHA256

    2fcd9b75bc8b3443e1196faca6b458d8caeaa213b19dd5e5ee78ae559962aa9c

  • SHA512

    6be73b32e7b6244d1b90a7a81acb0a3df84166b0ac863355f5c9f8c2608bbb9e9bd620993a0e019d6a14dafd923d7036d563289bba18d15b40ec4535aaa721dc

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.simplymollie.com/sre/

Decoy

pasionmusical.com

csgoplays.com

donnabsringsblingandthings.com

renovation-mansion.com

stoneswithsouls.com

ibworm.net

solidwin88bet.com

vtnywvebg.club

buyyourhd.com

reviewit4you.com

tobethelion.com

venicegifts.com

tyronredman.com

peloponnesesunbed.com

atranscom.com

flexi-rentals.com

neilint.com

brmsempire.com

maisquebolsas.com

hack-cloud.icu

Targets

    • Target

      Passport_ID_jpg.exe

    • Size

      657KB

    • MD5

      6b095bd38143e9308e9ffca16b2a5bff

    • SHA1

      0fdd73e4020f6c1e5a3482659bae46bd5d47d8e2

    • SHA256

      2fcd9b75bc8b3443e1196faca6b458d8caeaa213b19dd5e5ee78ae559962aa9c

    • SHA512

      6be73b32e7b6244d1b90a7a81acb0a3df84166b0ac863355f5c9f8c2608bbb9e9bd620993a0e019d6a14dafd923d7036d563289bba18d15b40ec4535aaa721dc

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

    • Formbook Payload

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Execution

Command-Line Interface

1
T1059

Discovery

System Information Discovery

1
T1082

Tasks