General

  • Target

    PI L032452021xxls.lzh

  • Size

    558KB

  • Sample

    210915-jan8waaah6

  • MD5

    cef93ba770cfbdae2f883e71a5b8ef7a

  • SHA1

    3cf945c129557f195a65ca85f43502052caf4c1c

  • SHA256

    310148ae5e69b2ccfd91c5e3af16d0bfbe3c6aba0d348b5512a4932af2afaf17

  • SHA512

    3abf61c41e9fb65e8bf78d61a4f898807968fd324c04ffe3793e32c22b57620adf2850564aa383df4295bc280c044eaa9f3888ef20865cb1227bc3e5fc900592

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    ergs

  • C2

    http://www.barry-associates.com/ergs/

  • Decoy


Targets

    • Target

      PI L032452021xxls.exe

    • Size

      706KB

    • MD5

      73c7fda15888b3b6cc025ce3d5f83161

    • SHA1

      78b8467853dc5bdba4dd28a8602902fcc210f67c

    • SHA256

      69394a249833f97289151fa8334f32e0b0467ce4ecb164b0706784fb836136a6

    • SHA512

      dbb943a00e2c24dc0926f36b81409d28789a10d20b8e4043b2545eff1daa74448bc324ada5376e582757ce3db916042747b7939648d8ed102fe2be305ffe872a

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook Payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution

    Command-Line Interface (T1059): 1

  • Discovery

    System Information Discovery (T1082): 1

Tasks