General

  • Target

    Yeni Siparis listesi.exe

  • Size

    614KB

  • Sample

    210811-gv5rf8px9n

  • MD5

    8ffd1687d55df5dd0ef08960e77df9a9

  • SHA1

    98e4235a7192cfb54245eaaa0cd04454d67e72d1

  • SHA256

    03274468c32f75a5cca8434b9ee4adad38324b2d946a6b4734ac18d270926cb0

  • SHA512

    5bf2999f19e726c7f943d296d4ff7a46e16c0b1c0870c58d90c3674f93589c8b71bdca04bbe00ef617a2562c7bead789ad5e58a6a5b2f38415796010696a74ea

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

3nop

C2

http://www.jakesplacebarbers.com/3nop/

Decoy

Targets

    • Formbook

      Formbook is an information-stealing malware family.

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

    • Formbook Payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks