General

  • Target

    Quotation.exe

  • Size

    681KB

  • Sample

    211015-czay8abbgl

  • MD5

    ac60641d19eddddd9333246ec6f44854

  • SHA1

    c43fa84b2cb0f48d35c02e6e8d7d1e38052e744a

  • SHA256

    ad5677c0ff91bf9debb1932f70d7437417598d9af986e44395559635dd4285b8

  • SHA512

    eddfad06e4b4d5f33dd2ae38413121ace4bf1695d5b4c37a8f4a1a4ae9f55170182c88805327c902246b5ac640aac0af84c42092f3c4ab625f816d4d3c93380a

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

gt4l

C2

http://www.dlsair.com/gt4l/

Decoy

livewithangelavaladez.xyz

pdla1oorf7.com

edroi.com

prysodt.xyz

yacht-chi7-sanlorenzo.com

worenocy.com

sprayfoamsave.com

felipelourenco.online

thisnthatpaithailand.com

troyl.ink

apptohealth.com

colectivasolar.net

gljsbq.com

futsunoossan.com

fairmountuniversity.com

schaff-smart-solutions.gmbh

releasingpro.com

katiescarlettartist.com

netskopesecurity.com

erfdj.net
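The extracted config above is what an analyst would turn into detections. The script below is an added example for this report, not sandbox output or code from the Formbook authors: it embeds the campaign, C2 and decoy list from the page, classifies proxy-log URLs against them, and checks a file against the reported hashes. The proxy log lines are constructed for the demonstration (timestamp, client, method, URL, status), and the example assumes the general Formbook behaviour that the decoy domains are contacted under the same `/<campaign>/` path as the real C2, so a decoy hit by itself is low confidence while the real C2 host under that path is high confidence.

```python
import hashlib
from urllib.parse import urlparse

# Extracted config as reported on this page (family, version, campaign, C2, decoys).
FORMBOOK_CONFIG = {
    "family": "formbook",
    "version": "4.1",
    "campaign": "gt4l",
    "c2": "http://www.dlsair.com/gt4l/",
    "decoys": [
        "livewithangelavaladez.xyz", "pdla1oorf7.com", "edroi.com", "prysodt.xyz",
        "yacht-chi7-sanlorenzo.com", "worenocy.com", "sprayfoamsave.com",
        "felipelourenco.online", "thisnthatpaithailand.com", "troyl.ink",
        "apptohealth.com", "colectivasolar.net", "gljsbq.com", "futsunoossan.com",
        "fairmountuniversity.com", "schaff-smart-solutions.gmbh", "releasingpro.com",
        "katiescarlettartist.com", "netskopesecurity.com", "erfdj.net",
    ],
}

# File hashes as reported on this page for Quotation.exe.
SAMPLE_HASHES = {
    "md5": "ac60641d19eddddd9333246ec6f44854",
    "sha1": "c43fa84b2cb0f48d35c02e6e8d7d1e38052e744a",
    "sha256": "ad5677c0ff91bf9debb1932f70d7437417598d9af986e44395559635dd4285b8",
}

# Constructed proxy log for the demonstration (timestamp client method url status).
# These lines are made up; they are not from the sandbox run.
SAMPLE_PROXY_LOG = """\
1634299200 10.0.0.15 GET http://www.dlsair.com/gt4l/?s=aGVsbG8&c=abc123 200
1634299201 10.0.0.15 GET http://www.edroi.com/gt4l/?s=aGVsbG8&c=abc123 404
1634299202 10.0.0.15 GET http://www.troyl.ink/gt4l/?s=aGVsbG8&c=abc123 200
1634299203 10.0.0.22 GET http://www.example.com/news/ 200
1634299204 10.0.0.22 POST http://www.dlsair.com/contact/ 200
"""


def _bare_host(host):
    """Lower-case a hostname and drop a leading 'www.' so www.dlsair.com == dlsair.com."""
    host = (host or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def classify_url(url, cfg=FORMBOOK_CONFIG):
    """Classify one URL against the extracted config.

    Returns 'c2' for the real C2 host under the campaign path, 'decoy' for one
    of the decoy domains under the same path, and None for everything else.
    The path check matters: the C2 domain may also serve unrelated content, and
    only requests under /<campaign>/ are the Formbook check-in pattern.
    """
    parsed = urlparse(url)
    path = parsed.path if parsed.path.endswith("/") else parsed.path + "/"
    if not path.startswith("/%s/" % cfg["campaign"]):
        return None
    host = _bare_host(parsed.hostname)
    if host == _bare_host(urlparse(cfg["c2"]).hostname):
        return "c2"
    if host in {_bare_host(d) for d in cfg["decoys"]}:
        return "decoy"
    return None


def scan_proxy_log(text, cfg=FORMBOOK_CONFIG):
    """Return (client, method, host, verdict) for every log line that matches the config."""
    hits = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed or truncated line: skip it rather than crash
        _ts, client, method, url = fields[:4]
        verdict = classify_url(url, cfg)
        if verdict is not None:
            hits.append((client, method, _bare_host(urlparse(url).hostname), verdict))
    return hits


def summarize(hits):
    """Per-client count of c2 and decoy contacts.

    One client reaching the campaign path on several listed domains in a short
    window is the beaconing pattern; a single decoy hit on its own may just be
    ordinary browsing to a legitimate site that Formbook lists as cover.
    """
    summary = {}
    for client, _method, _host, verdict in hits:
        summary.setdefault(client, {"c2": 0, "decoy": 0})[verdict] += 1
    return summary


def hashes_match(data, expected=SAMPLE_HASHES):
    """True when data has exactly the MD5, SHA-1 and SHA-256 listed in the report."""
    return all(hashlib.new(algo, data).hexdigest() == digest
               for algo, digest in expected.items())


if __name__ == "__main__":
    hits = scan_proxy_log(SAMPLE_PROXY_LOG)
    for hit in hits:
        print(hit)
    print(summarize(hits))
```

Blocking every decoy domain outright is the wrong response: several are ordinary registered sites and blocking them produces noise and breakage. Block and alert on the C2 host under the campaign path, and use the per-client decoy pattern as corroboration when triaging a host.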

Targets

    • Target

      Quotation.exe

    • Size

      681KB

    • MD5

      ac60641d19eddddd9333246ec6f44854

    • SHA1

      c43fa84b2cb0f48d35c02e6e8d7d1e38052e744a

    • SHA256

      ad5677c0ff91bf9debb1932f70d7437417598d9af986e44395559635dd4285b8

    • SHA512

      eddfad06e4b4d5f33dd2ae38413121ace4bf1695d5b4c37a8f4a1a4ae9f55170182c88805327c902246b5ac640aac0af84c42092f3c4ab625f816d4d3c93380a

    • Formbook

      Formbook is an information-stealing malware family: it logs keystrokes, captures form submissions and clipboard contents, harvests saved credentials from browsers and mail clients, and exfiltrates them to its C2.

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

    • Formbook Payload

    • Deletes itself

    • Suspicious use of SetThreadContext (typical of process hollowing: the payload is written into a suspended process and its entry point redirected)

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry

    T1012 (1 match)

  • System Information Discovery

    T1082 (1 match)

Tasks