General

  • Target

    Potvrda narudzbe u prilogu.exe (Croatian lure filename: "Order confirmation in the attachment")

  • Size

    1001KB

  • Sample

    211014-j11plagecn

  • MD5

    1708ec34ff4cd862e935fec79966887b

  • SHA1

    79ea76f3939a052e58ca214b839a7c5431c42cb0

  • SHA256

    fe6bd626fd98e3c0e4a2c350e5d927398e22e7731e7c2e1f31bc02181735c4e0

  • SHA512

    8ab1d48386eab45c72a3de79a9f28a9502f60928dac03c41e20af1d686a081ada66a78372d47242535308bbe8bea17ccd1765c560a8343ea9a056eb503ff1cb5

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

bc3s

C2

http://www.topei-products.com/bc3s/

Decoy

anna-ng.com

mariangelamata.com

szqnbl.com

nesherguitars.com

mysekrit.com

againbeautyviensui.xyz

appf.life

bilalsolution.com

technoratii.com

11restoran.com

birthingly.com

crystalcarrillo.com

cohenasset.info

bunchofdesign.com

highstreetmag.com

talentkerning.com

outdoor-glassesadvice.com

aliceeety.com

habbuhot.info

pao91.com
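The C2 and decoy entries above are not equally useful as indicators. Formbook beacons to its real C2 and to a list of unrelated, mostly legitimate decoy domains so that the genuine server is hidden in the noise; blocking the whole list causes false positives, while the campaign path (`/bc3s/`) appearing in a request is itself a strong sign that the requesting host is infected. The following example, added here and not part of the sandbox report, turns the extracted config into a graded IOC set and runs it over a few Squid-style proxy log lines constructed for the example (the IPs, timestamps and the `oz=` query parameter are made up):

```python
import re
from urllib.parse import urlparse

# Values copied from the extracted Formbook config above.
FORMBOOK_C2 = "http://www.topei-products.com/bc3s/"
FORMBOOK_DECOYS = [
    "anna-ng.com", "mariangelamata.com", "szqnbl.com", "nesherguitars.com",
    "mysekrit.com", "againbeautyviensui.xyz", "appf.life", "bilalsolution.com",
    "technoratii.com", "11restoran.com", "birthingly.com", "crystalcarrillo.com",
    "cohenasset.info", "bunchofdesign.com", "highstreetmag.com", "talentkerning.com",
    "outdoor-glassesadvice.com", "aliceeety.com", "habbuhot.info", "pao91.com",
]


def normalise_host(host):
    """Lower-case a hostname and drop a leading 'www.' so the C2 URL's host
    and a bare decoy domain compare equal."""
    host = host.lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def build_iocs(c2_url, decoys):
    """Return ({domain: 'c2' | 'decoy'}, campaign_path).

    Only the C2 host is a blockable indicator. The decoy domains are kept in
    the map for context (they tell you the beacon shape when seen with the
    campaign path) but must not be treated as malicious infrastructure.
    """
    c2 = urlparse(c2_url)
    iocs = {normalise_host(c2.hostname): "c2"}
    for d in decoys:
        iocs.setdefault(normalise_host(d), "decoy")
    return iocs, c2.path


def classify(url, iocs, campaign_path):
    """Grade one requested URL, or return None when the host is unknown.

    c2-beacon        C2 host on the campaign path: the check-in/exfil traffic itself
    c2-host          C2 host on another path: still the attacker's domain, investigate
    beacon-to-decoy  decoy host on the campaign path: the beacon shape is present,
                     so the *source* is likely infected, but the domain is not an IOC
    decoy-only       decoy host on any other path: almost certainly normal browsing
    """
    p = urlparse(url)
    if not p.hostname:
        return None
    kind = iocs.get(normalise_host(p.hostname))
    if kind is None:
        return None
    on_path = p.path.startswith(campaign_path)
    if kind == "c2":
        return "c2-beacon" if on_path else "c2-host"
    return "beacon-to-decoy" if on_path else "decoy-only"


# Squid native access-log lines, constructed for this example (not sandbox output).
SAMPLE_PROXY_LOG = """\
1634200001.123 210 10.0.0.15 TCP_MISS/200 1523 GET http://www.topei-products.com/bc3s/?oz=abc123 - HIER_DIRECT/203.0.113.7 text/html
1634200002.456 87 10.0.0.15 TCP_MISS/200 42012 GET http://www.mysekrit.com/bc3s/?oz=abc123 - HIER_DIRECT/198.51.100.9 text/html
1634200003.789 15 10.0.0.22 TCP_MISS/200 9021 GET http://www.example.org/index.html - HIER_DIRECT/192.0.2.4 text/html
1634200004.012 33 10.0.0.15 TCP_MISS/200 1201 POST http://www.topei-products.com/bc3s/ - HIER_DIRECT/203.0.113.7 text/html
"""

# Squid native format: timestamp elapsed client code/status bytes method URL ...
LOG_RE = re.compile(r"^\S+\s+\S+\s+(?P<src>\S+)\s+\S+\s+\S+\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)")


def hunt(log_text, c2_url=FORMBOOK_C2, decoys=FORMBOOK_DECOYS):
    """Return (line_no, src_ip, method, host, verdict) for every log line
    that touches a domain from the config."""
    iocs, campaign_path = build_iocs(c2_url, decoys)
    hits = []
    for n, line in enumerate(log_text.splitlines(), 1):
        m = LOG_RE.match(line)
        if not m:
            continue
        verdict = classify(m["url"], iocs, campaign_path)
        if verdict:
            host = normalise_host(urlparse(m["url"]).hostname)
            hits.append((n, m["src"], m["method"], host, verdict))
    return hits


if __name__ == "__main__":
    for hit in hunt(SAMPLE_PROXY_LOG):
        print("line %d  %s  %-4s  %-25s  %s" % hit)
```

Run against the constructed log, the C2 beacon and the later POST (Formbook also POSTs harvested data to the same path) are graded `c2-beacon`, the request to `mysekrit.com/bc3s/` is graded `beacon-to-decoy` (the client 10.0.0.15 should be pulled for triage, the domain should not be blocked), and the unrelated request is ignored. A C2 host, path and decoy list from a different Formbook config can be passed to `hunt()` directly.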

Targets

    • Target

      Potvrda narudzbe u prilogu.exe

    • Formbook

      Formbook is an information stealer: it grabs credentials and form submissions from browsers and mail clients, logs keystrokes, captures clipboard contents and screenshots, and exfiltrates them to its C2 over HTTP.

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

      The sandbox's Suricata sensor matched the Emerging Threats rule for Formbook's HTTP GET check-in, i.e. the beacon to the C2 listed in the extracted config above.

    • Formbook Payload

    • Adds Run key to start application

      Persistence through a registry Run key (ATT&CK T1060 in the v6 mapping below).

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites a thread's register state, which is the step that redirects execution in process hollowing; this is consistent with Formbook's known behaviour of injecting its payload into another process rather than running from the dropped executable.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence

    Registry Run Keys / Startup Folder (T1060): 1 signature

  • Defense Evasion

    Modify Registry (T1112): 1 signature

The mapping uses ATT&CK v6 identifiers. In current ATT&CK versions T1060 has been retired and this behaviour maps to T1547.001 (Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder); T1112 is unchanged.
