General

  • Target

    SecuriteInfo.com.Variant.Zusy.394472.15672.20727

  • Size

    193KB

  • Sample

    210722-see98x48pe

  • MD5

    89cfb542cda6a428cc5c02feaf3c55f8

  • SHA1

    9a0606c633ffe5ae4b6dcb7dcfba57b7e22cb05d

  • SHA256

    b663fea76aadbf574e5bb9f704ad689ec10f0d720b0b9641e70b27494fe4cc17

  • SHA512

    22fd691c761ec2ac5be4b3a9b682daf53abb3de05787d07474bc0e41a8c7bf001a10783f3eea6d7d70528dae1da13506e4370b16f3c02b7d92db9e6ffb2ac79b

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.yjhlgg.com/grve/

Decoy

jrvinganimalexterminator.com

smallsyalls.com

po1c3.com

mencg.com

aussieenjoyment.today

espace22.com

aanmelding-desk.info

gallopshoes.com

nftsexy.com

ricosdulcesmexicanos.com

riseswift.com

thechicthirty.com

matdcg.com

alternet.today

creativehuesdesigns.com

rjkcrafts.com

lowdosemortgage.com

adoptahamster.com

wellness-sense.com

jacardcapital.com

Targets

    • Target

      SecuriteInfo.com.Variant.Zusy.394472.15672.20727

    • Size

      193KB

    • MD5

      89cfb542cda6a428cc5c02feaf3c55f8

    • SHA1

      9a0606c633ffe5ae4b6dcb7dcfba57b7e22cb05d

    • SHA256

      b663fea76aadbf574e5bb9f704ad689ec10f0d720b0b9641e70b27494fe4cc17

    • SHA512

      22fd691c761ec2ac5be4b3a9b682daf53abb3de05787d07474bc0e41a8c7bf001a10783f3eea6d7d70528dae1da13506e4370b16f3c02b7d92db9e6ffb2ac79b

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

    • Formbook Payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks