General

  • Target

    uorr23190.exe

  • Size

    249KB

  • Sample

    211015-qg9xgsbaa6

  • MD5

    28e013c2654f47916f1a62cf09308cad

  • SHA1

    fa785ccc69ec30254ee9b81f87dca6764350075e

  • SHA256

    fa5502396dc7ec0fc5508d901eb8b3e555558cdbaff338a1911db0edd4563b78

  • SHA512

    69c2de2dd642e287a956baf250ebe592b00b93295600006232fe69e473dcd2dc350df2b0ecb7f92a3d0a20e35f8951bd8e25e6290bcf629df97e326e738f16ca

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

rv9n

C2

http://www.cjspizza.net/rv9n/

Decoy

olivia-grace.show

zhuwww.com

keiretsu.xyz

olidnh.space

searuleansec.com

2fastrepair.com

brooklynmetalroof.com

scodol.com

novaprint.pro

the-loaner.com

nextroundscap.com

zbwlggs.com

internetautodealer.com

xn--tornrealestate-ekb.com

yunjiuhuo.com

skandinaviskakryptobanken.com

coxivarag.rest

ophthalmologylab.com

zzzzgjcdbqnn98.net

doeful.com

Targets

    • Target

      uorr23190.exe

    • Size

      249KB

    • MD5

      28e013c2654f47916f1a62cf09308cad

    • SHA1

      fa785ccc69ec30254ee9b81f87dca6764350075e

    • SHA256

      fa5502396dc7ec0fc5508d901eb8b3e555558cdbaff338a1911db0edd4563b78

    • SHA512

      69c2de2dd642e287a956baf250ebe592b00b93295600006232fe69e473dcd2dc350df2b0ecb7f92a3d0a20e35f8951bd8e25e6290bcf629df97e326e738f16ca

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook Payload

    • Deletes itself

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Discovery

System Information Discovery

1
T1082

Tasks