General

  • Target

    7a39f705b79a26591fa930c917ebf37ac8f0394017521970a45cb8c49c3bbb65

  • Size

    839KB

  • Sample

    220126-q9w64addhn

  • MD5

    cdc3220cc6be8eb55796d538a32233d8

  • SHA1

    44a4112f85212f4be348c42710009fcec6337063

  • SHA256

    7a39f705b79a26591fa930c917ebf37ac8f0394017521970a45cb8c49c3bbb65

  • SHA512

    19a87701c03cce8056b361169526c830aad391ffea85849d1d69186354f032446126dcd373e11ea7d2b62dcde8bb84f8fd22f53e92d7b2a7f91bf170d98ef02b
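Before relying on this report, confirm that the file in hand is the same object the sandbox analysed. The script below is an added example, not part of the original report or any analysis tool: it computes all four digests listed above in one pass over the file and compares them with the reported values (note that the "Target" field is simply the SHA256). The file path is the only input; nothing here touches the network.

```python
import hashlib

# Digests copied from the report above.  "Target" in the report is the SHA256.
REPORTED = {
    "md5": "cdc3220cc6be8eb55796d538a32233d8",
    "sha1": "44a4112f85212f4be348c42710009fcec6337063",
    "sha256": "7a39f705b79a26591fa930c917ebf37ac8f0394017521970a45cb8c49c3bbb65",
    "sha512": (
        "19a87701c03cce8056b361169526c830aad391ffea85849d1d69186354f03244"
        "6126dcd373e11ea7d2b62dcde8bb84f8fd22f53e92d7b2a7f91bf170d98ef02b"
    ),
}

CHUNK = 1 << 20  # read the file in 1 MiB pieces so large samples do not sit in memory


def digest_file(path):
    """Return {"md5": ..., "sha1": ..., "sha256": ..., "sha512": ...} for the file at `path`.

    All four hashers are fed from a single read of the file.
    """
    hashers = {name: hashlib.new(name) for name in REPORTED}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare(actual, expected):
    """Per-digest comparison, case-insensitive on the hex strings."""
    return {
        name: actual.get(name, "").lower() == value.lower()
        for name, value in expected.items()
    }


def verify_sample(path, expected=REPORTED):
    """Return (all_match, per_digest) for the file at `path`.

    A mismatch in any one digest means it is not the analysed sample: a
    different build of the same loader, a repacked copy, or a truncated download.
    """
    per_digest = compare(digest_file(path), expected)
    return all(per_digest.values()), per_digest


if __name__ == "__main__":
    import sys
    ok, detail = verify_sample(sys.argv[1])
    for name, matched in detail.items():
        print(f"{name:7s} {'match' if matched else 'MISMATCH'}")
    sys.exit(0 if ok else 1)
```

Run it as `python verify.py <file>`; a non-zero exit means at least one digest differs. Checking all four rather than MD5 alone avoids being misled by a collision-crafted file, which is cheap for MD5 and feasible for SHA1.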

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

g2fg

Decoy

snowcrash.website

pointman.us

newheartvalve.care

drandl.com

sandspringsramblers.com

programagubernamental.online

boja.us

mvrsnike.com

mentallyillmotherhood.com

facom.us

programagubernamental.store

izivente.com

roller-v.fr

amazonbioactives.com

metaverseapple.xyz

5gt-mobilevsverizon.com

gtwebsolutions.co

scottdunn.life

usdp.trade

pikmin.run
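Formbook embeds a list of domains of which only one is the real command-and-control server; the rest are decoys that the infected host also contacts, so a single hit on one of these names is weak evidence on its own, while one client resolving several of them in a short window is a much stronger signal. The script below is an added example, not part of the original report: it takes the decoy list above and scans DNS log lines for exact or subdomain matches, then reports clients that touched at least two distinct listed domains. The key=value log format and the log lines are constructed for this example; adapt `LINE_RE` to your resolver's real format.

```python
import re

# Decoy domains from the extracted config above (Formbook 4.1, campaign g2fg).
DECOYS = [
    "snowcrash.website", "pointman.us", "newheartvalve.care", "drandl.com",
    "sandspringsramblers.com", "programagubernamental.online", "boja.us",
    "mvrsnike.com", "mentallyillmotherhood.com", "facom.us",
    "programagubernamental.store", "izivente.com", "roller-v.fr",
    "amazonbioactives.com", "metaverseapple.xyz", "5gt-mobilevsverizon.com",
    "gtwebsolutions.co", "scottdunn.life", "usdp.trade", "pikmin.run",
]

# Hypothetical resolver log format, constructed for this example:
#   <timestamp> client=<ip> query=<qname> type=<rrtype>
LINE_RE = re.compile(r"client=(?P<client>\S+)\s+query=(?P<qname>\S+)")


def normalize(name):
    """Lower-case and strip the trailing dot of a fully-qualified name."""
    return name.strip().rstrip(".").lower()


def match_domain(qname, watchlist=DECOYS):
    """Return the watchlist entry that `qname` equals or is a subdomain of, else None.

    The "." boundary check stops notpointman.us from matching pointman.us.
    """
    q = normalize(qname)
    for entry in watchlist:
        d = normalize(entry)
        if q == d or q.endswith("." + d):
            return d
    return None


def scan_dns_log(lines, watchlist=DECOYS):
    """Return one hit dict per log line whose query matches the watchlist."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        m = LINE_RE.search(line)
        if not m:
            continue  # unparsable line: skip rather than miss silently? log it in production
        domain = match_domain(m.group("qname"), watchlist)
        if domain:
            hits.append({"line": lineno, "client": m.group("client"),
                         "qname": m.group("qname"), "domain": domain})
    return hits


def suspicious_clients(hits, min_domains=2):
    """Clients that resolved at least `min_domains` distinct watchlisted domains.

    Breadth across the decoy list is the signal: a legitimate user might visit
    one parked decoy, but walking several of them looks like the implant's beaconing.
    """
    seen = {}
    for h in hits:
        seen.setdefault(h["client"], set()).add(h["domain"])
    return {c: sorted(ds) for c, ds in seen.items() if len(ds) >= min_domains}


# Constructed sample log, not real traffic.
SAMPLE_LOG = [
    "2022-01-26T10:01:02Z client=10.0.0.5 query=www.pointman.us. type=A",
    "2022-01-26T10:01:03Z client=10.0.0.5 query=SNOWCRASH.WEBSITE type=A",
    "2022-01-26T10:01:04Z client=10.0.0.5 query=usdp.trade type=A",
    "2022-01-26T10:01:05Z client=10.0.0.7 query=notpointman.us type=A",
    "2022-01-26T10:01:06Z client=10.0.0.7 query=example.com type=A",
    "2022-01-26T10:01:07Z client=10.0.0.9 query=drandl.com type=A",
]

if __name__ == "__main__":
    found = scan_dns_log(SAMPLE_LOG)
    for h in found:
        print(f"line {h['line']}: {h['client']} -> {h['qname']} (matches {h['domain']})")
    print("clients touching 2+ listed domains:", suspicious_clients(found))
```

Treat the single-hit clients (10.0.0.9 above) as leads to enrich, not as confirmed infections; the report does not identify which of the listed domains is the live C2, so the grouping step is what turns the decoy list into a usable hunt.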

Targets

    • Target

      7a39f705b79a26591fa930c917ebf37ac8f0394017521970a45cb8c49c3bbb65

    • Size

      839KB

    • MD5

      cdc3220cc6be8eb55796d538a32233d8

    • SHA1

      44a4112f85212f4be348c42710009fcec6337063

    • SHA256

      7a39f705b79a26591fa930c917ebf37ac8f0394017521970a45cb8c49c3bbb65

    • SHA512

      19a87701c03cce8056b361169526c830aad391ffea85849d1d69186354f032446126dcd373e11ea7d2b62dcde8bb84f8fd22f53e92d7b2a7f91bf170d98ef02b

    • Formbook

      Formbook is an information stealer: it grabs credentials and submitted form data from browsers and mail clients, logs keystrokes, captures clipboard contents and screenshots, and exfiltrates the results to an attacker-controlled server that it hides among the decoy domains listed in the extracted config above. It can also fetch and run additional payloads.

    • Formbook Payload

    • Suspicious use of SetThreadContext (a thread-context write into another process; this is the call used in process hollowing to point a suspended thread at an injected image before resuming it, consistent with Formbook running its payload inside a legitimate process)

MITRE ATT&CK Matrix ATT&CK v6

Tactic                 Technique                      Hits  ID
Execution              Scheduled Task                 1     T1053
Persistence            Scheduled Task                 1     T1053
Privilege Escalation   Scheduled Task                 1     T1053
Discovery              System Information Discovery   1     T1082

T1053 is listed under three tactics because ATT&CK v6 mapped Scheduled Task to Execution, Persistence and Privilege Escalation; the three rows reflect one observed behaviour, not three separate ones.
