General

  • Target: a68cb3bf1d9d41e29fcf2e4391e827591e58783cea5a13fe95403fb6b3429b5d
  • Size: 345KB
  • Sample: 211014-js1dvsgebr
  • MD5: 739db143a714b168ad4250a12a903a91
  • SHA1: 0e16e00f6fd173672e5e70797a1b063399d373d8
  • SHA256: a68cb3bf1d9d41e29fcf2e4391e827591e58783cea5a13fe95403fb6b3429b5d
  • SHA512: 09a5436fe70035fc2225729db560eba215027ca709df7e2050aa7f3f40bf9d5b94499e3e23bb646bcf64fb3199a553d51751998aab4a243eeb2877b6c5b64e37

Malware Config

Extracted

  • Family: formbook
  • Version: 4.1
  • Campaign: vngb
  • C2: http://www.gvlc0.club/vngb/

Decoy

Targets

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook Payload

    • Suspicious use of SetThreadContext