General

  • Target

    318c866ef078ec6d9597aaebed8bc370

  • Size

    799KB

  • Sample

    210706-9mrms7lh1e

  • MD5

    318c866ef078ec6d9597aaebed8bc370

  • SHA1

    4d0008cb7d64f6fb5378672bc4a2edba43546e1f

  • SHA256

    54469ace58ddcfdd6d834574d87003857b0cda05e27a0b8e31cb0b58e6ca105d

  • SHA512

    cd32fd72eda19e8a2210a3b646b21cbee5b722672773a49c0e4dc02fdaad9c9fb99a60326eb1a9589e4b02b3e30eb85e2c5a3b5cfd767155f72fa123f9e68985

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • C2

    http://www.survivai.com/bsdd/

  • Decoy

    533dh.com
    galerisikayet.xyz
    tipsyalligator.com
    crystalwellnessstudio.com
    moovaap.com
    lelfie.network
    speedy-trips.com
    prospectsolucoes.com
    24x7customersservice.com
    szbinsen.com
    shikhardeals.com
    totaldenta.com
    ayksjx.com
    avxrja.online
    24kyule888.com
    ufaw.net
    spinozone.com
    castvoicesmsreg.com
    lajollawoodworks.com
    renetyson.com

Targets

    • Target

      318c866ef078ec6d9597aaebed8bc370

    • Size

      799KB

    • MD5

      318c866ef078ec6d9597aaebed8bc370

    • SHA1

      4d0008cb7d64f6fb5378672bc4a2edba43546e1f

    • SHA256

      54469ace58ddcfdd6d834574d87003857b0cda05e27a0b8e31cb0b58e6ca105d

    • SHA512

      cd32fd72eda19e8a2210a3b646b21cbee5b722672773a49c0e4dc02fdaad9c9fb99a60326eb1a9589e4b02b3e30eb85e2c5a3b5cfd767155f72fa123f9e68985

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook Payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks