General

  • Target

    ed43ff447cd5486610731a627a930607.exe

  • Size

    1.1MB

  • Sample

    210722-j4ajtmxrts

  • MD5

    ed43ff447cd5486610731a627a930607

  • SHA1

    91449c85fb2fa5d27f8db3c8c08cdfb9d3287162

  • SHA256

    91cdb947644a5a802adac7583a79e7e560da38839489a02e7464730ff66fd004

  • SHA512

    3bd5692c8b81221a2b1e83b17b36872fc664935ed14d6d645dd0efa6e2725c0c95598e4871b358092fbb406e8eb4600face90aa1b98fe5720fd4629ff2903a1d

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.hometowncashbuyersgroup.com/kkt/

Decoy


Targets

    • Formbook

      Formbook is an information-stealing malware family (infostealer).

    • Formbook Payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks