General

  • Target

    Unpaid INV - 100989907.exe

  • Size

    841KB

  • Sample

    220126-pz7peadcf4

  • MD5

    0712797b0df1703c5e5b26ea41d4a372

  • SHA1

    3bede1b0d160e9a2c8b96d4f6ec041adf32a25f9

  • SHA256

    37cef8b492b98e4b153f135f697bc9830f7f0c5a590d4f2bba69cf3f2cb95608

  • SHA512

    2f2b48eb417f78216c124395fea76bee7ea2fc216c3874ed54e884748758dc86882c6b85b073751370e3b8c5400b0c0cb961da5c67eadce61cbdf5481a5442a8

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

j20n

Decoy


Targets

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook Payload

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks