General

  • Target

    67b547b2ca77306c8036fd20ca89a40a

  • Size

    836KB

  • Sample

    220126-splwqsehf6

  • MD5

    67b547b2ca77306c8036fd20ca89a40a

  • SHA1

    b7d8a6012df371ee276c901aafc1b5b21d62a1a0

  • SHA256

    4102936b0b54529eb3be257a0ed5a222149bf146da96cd75b77e1dd2be614f9b

  • SHA512

    a4221ea9ed99339b069a23e00f60209ac99ffe178061fd1682cc7fdc33767e1f90867d5ecf24ccd16bbcf5b6c3acfb30527c98523a6d05ea45f189969361bcd4

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

m8g9

Decoy

jimmycamel.com

bestinvilnius.com

diana-jarvis.com

manabitown.net

luxuryremyhair.com

cavesage.com

wholequote.space

truckdrivingfuture.xyz

ptcouponspt.com

stainthree-shift.space

universalstaffingpros.com

alibi-music.com

iqjlylro.com

pinterestservice.com

soolehayeiran.com

youngplatformpro.com

fidelitysafesecure.com

af258.wine

theblissdynamic.com

aliciabrooksenglishmastiff.com

Targets

    • Formbook

      Formbook is an information-stealing malware family that harvests data (such as credentials and form input) from infected hosts.

    • Formbook Payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution: Scheduled Task (1) T1053

  • Persistence: Scheduled Task (1) T1053

  • Privilege Escalation: Scheduled Task (1) T1053

  • Discovery: System Information Discovery (1) T1082

Tasks