General

  • Target

    06daa4f472383226392964c70e34c376

  • Size

    65KB

  • Sample

    210723-776nvstzlj

  • MD5

    06daa4f472383226392964c70e34c376

  • SHA1

    b47a3554b0bf7250caa0f84090fb387cb332f31b

  • SHA256

    51c392870e9f21df2154b4e68a901ca1b5d9fccdcf00a4e6fa60ef07b4dfc541

  • SHA512

    9f220bc3f4c097d582f2958e57255e862f1b67191c6409ea0199a1c9ce3bd57830f7d9cd86c38925b7c61d744a77cbd51d2b59ffee9f66d57e0ee2a4ab654dee

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.howmucharemyrarecoinsworth.com/jn7g/

Decoy

Targets

    • Formbook

      Formbook is a data-stealing malware family.

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

    • Formbook Payload

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext
