General

  • Target: CT14876.exe
  • Size: 225KB
  • Sample: 210507-ae1bj51wwa
  • MD5: a2cc53c25b8ae51eab431b18699da8fa
  • SHA1: 8a422c72ad1b018ad7dcda36f8fa328bd2c6bfbc
  • SHA256: 5313ca84959a3d88973ad5b85acc66e268c3e8874d5d6f21fcd4a4c1a7628496
  • SHA512: 69ff51431b3f3fa71223d88df30a1c4b2d32b38afb081cafcf14484caad548e8626ca099b6ad38852b9f9d340af0f790868995564f062de78926f0a29d45d2b5

Malware Config

Extracted

  • Family: formbook
  • Version: 4.1
  • C2: http://www.knighttechinca.com/dxe/

Decoy


Targets


    • Formbook: Formbook is a data-stealing malware family.
    • Formbook Payload
    • Deletes itself
    • Loads dropped DLL
    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Discovery

  • System Information Discovery (T1082): 1

Tasks