General

  • Target

    bobb4567.exe

  • Size

    245KB

  • Sample

    210727-y9yzkjqs8s

  • MD5

    90825728992d0ef937e2523370e34b31

  • SHA1

    7b9a3d06e10d3ccb32a8be5a98ec253bbc0bdebf

  • SHA256

    9598f7ebeef58e063e6e5de7da5ea2775991628d11c4fae3e3e2854fa22065eb

  • SHA512

    dc180827a8ba8f24dbf20f38091e1bee6c96776399733bf6519e567c0072ae5907abeaeea5873630a4a9057ec34370bbee47042c7b7e5d4e143ac6cac105f370

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • C2

    http://www.bulverderoofing.com/lt0h/

  • Decoy

Targets

    • Target

      bobb4567.exe

    • Formbook

      Formbook is an information-stealing malware family.

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

    • Formbook Payload

    • Suspicious use of SetThreadContext
