General

  • Target

    f2b6d04e02cd293d0743c419211ce6b7

  • Size

    58KB

  • Sample

    220126-z42n3aaedm

  • MD5

    f2b6d04e02cd293d0743c419211ce6b7

  • SHA1

    6f0120d0f57162680a5951741c9befbe21ee7e6f

  • SHA256

    d44f233d2ef931ed5471cf2be98fb8c2afd6754200f6a46585c2b3114b05e133

  • SHA512

    bdbda94f442557de6752fe4806ec5ea9157e895006b6986817a6b1ca1c08d5c465290ee6eac90cb58c087afee973bf201ac4062fb22a13eaa8bdb15144b0f37c

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

wieh

Decoy

rosevillepress.com

diegodeoviedo.com

karanganbungabandungcimahi.com

skeletonnation.net

tihudez.xyz

idaz2.xyz

highcaliberperformance.com

serfoe.com

envisioneyecare.net

bj-htjy360.com

turkiyeekonomiyikonusuyor.com

nationsassociation.online

matesmeltingpot.com

7haof.com

burkhardhomes.com

candyhunks.com

internationalafrican.school

harsors.com

themarketstore.xyz

yulmarket.com
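The twenty domains above are the decoy list extracted from this sample's configuration. Formbook hides its live C2 among decoys and resolves several of them per beacon cycle, so from a detection standpoint every entry is an indicator. The script below is an added example (not part of the sandbox report) that matches constructed DNS and proxy log lines against the list on label boundaries, so that `www.skeletonnation.net` is a hit while `notrosevillepress.com` or `rosevillepress.com.attacker.example` is not, and it additionally notes when a request path starts with the campaign value `wieh`; that the campaign string appears as the first path component of the C2 URL is an assumption made here, not something this page states. Log lines and host names are constructed.

```python
"""Match constructed DNS/proxy log lines against the decoy domains from this report.

Added example, not sandbox output. DECOY_DOMAINS and CAMPAIGN are copied from the
report; SAMPLE_LOGS are constructed. Matching is done on label boundaries to avoid
the substring false positives a naive "domain in line" check produces.
"""
import re
from collections import Counter
from urllib.parse import urlsplit

CAMPAIGN = "wieh"  # report's "Campaign" field; assumed to be the C2 URI directory

DECOY_DOMAINS = [
    "rosevillepress.com", "diegodeoviedo.com", "karanganbungabandungcimahi.com",
    "skeletonnation.net", "tihudez.xyz", "idaz2.xyz", "highcaliberperformance.com",
    "serfoe.com", "envisioneyecare.net", "bj-htjy360.com",
    "turkiyeekonomiyikonusuyor.com", "nationsassociation.online",
    "matesmeltingpot.com", "7haof.com", "burkhardhomes.com", "candyhunks.com",
    "internationalafrican.school", "harsors.com", "themarketstore.xyz",
    "yulmarket.com",
]

# Constructed sample log lines in a simple "timestamp key=value ..." layout.
SAMPLE_LOGS = [
    "2022-01-26T14:02:11Z host=WS-17 type=dns query=www.skeletonnation.net rcode=NOERROR",
    "2022-01-26T14:02:12Z host=WS-17 type=http method=GET url=http://www.skeletonnation.net/wieh/?3fd=abcd&2bXp=xyz",
    "2022-01-26T14:02:15Z host=WS-17 type=http method=POST url=http://www.tihudez.xyz/wieh/ status=200",
    "2022-01-26T14:03:01Z host=WS-22 type=dns query=mail.google.com rcode=NOERROR",
    "2022-01-26T14:03:40Z host=WS-22 type=http method=GET url=https://rosevillepress.com.attacker.example/ status=200",
    "2022-01-26T14:04:02Z host=WS-09 type=dns query=notrosevillepress.com rcode=NXDOMAIN",
]

FIELD_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Split 'timestamp key=value ...' into a dict; the timestamp is stored as 'ts'."""
    ts, _, rest = line.partition(" ")
    fields = dict(FIELD_RE.findall(rest))
    fields["ts"] = ts
    return fields


def host_matches(host, domain):
    """True if host equals domain or is a subdomain of it (label-boundary match)."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def indicator_for(host):
    """Return the decoy-list entry that host falls under, or None."""
    for domain in DECOY_DOMAINS:
        if host_matches(host, domain):
            return domain
    return None


def scan(lines):
    """Return one hit dict per log line whose queried/requested host is on the list."""
    hits = []
    for line in lines:
        f = parse_line(line)
        if f.get("type") == "dns":
            host, path = f.get("query", ""), ""
        elif f.get("type") == "http":
            u = urlsplit(f.get("url", ""))
            host, path = u.hostname or "", u.path
        else:
            continue
        domain = indicator_for(host)
        if domain is None:
            continue
        hits.append({
            "ts": f["ts"],
            "endpoint": f.get("host"),
            "fqdn": host,
            "indicator": domain,
            # assumption: Formbook beacons to /<campaign>/ on the chosen domain
            "campaign_path": path.startswith("/" + CAMPAIGN + "/"),
        })
    return hits


def summarize(hits):
    """Hits per endpoint, so triage starts with the machine that talked the most."""
    return Counter(h["endpoint"] for h in hits)


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOGS):
        print(hit)
    print(summarize(scan(SAMPLE_LOGS)))
```

On real data, feed `scan()` proxy and DNS-client logs for the window around the sample's first execution; a DNS-only hit with NXDOMAIN is still worth a look, since decoys may be unregistered by the time the sample runs.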

Targets

    • Formbook

      Formbook is an information-stealing malware family: it logs keystrokes and clipboard contents, grabs data submitted through browser forms and saved credentials, and exfiltrates them to a C2 server chosen from a list that mixes one live domain with decoys.

    • Formbook Payload

    • Suspicious use of SetThreadContext (the sample set the register context of a thread belonging to another process, the step that redirects execution in process hollowing and thread hijacking)
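A SetThreadContext hit on its own is weak evidence (debuggers and some runtimes use the call legitimately), so an analyst usually wants it correlated with the surrounding calls. The script below is an added example, not code from the sandbox or from the sample, that runs that correlation over a constructed API-call trace: a cross-process SetThreadContext is reported as suspicious, and it is escalated to a hollowing verdict when the same caller earlier created the target with CREATE_SUSPENDED and wrote into its memory. The PIDs, image path and event layout are constructed, not taken from this report.

```python
"""Correlate a constructed API trace into a process-hollowing verdict.

Added example, not part of the sandbox report. The event records, PIDs and image
names are constructed. CREATE_SUSPENDED is the documented CreateProcess flag 0x4.
"""
CREATE_SUSPENDED = 0x00000004

# Constructed trace: one hollowing sequence by pid 4120 and one benign
# same-process SetThreadContext by pid 7000.
SAMPLE_EVENTS = [
    {"seq": 1, "pid": 4120, "api": "CreateProcess",
     "args": {"image": r"C:\Windows\explorer.exe", "flags": CREATE_SUSPENDED},
     "ret": {"pid": 5200, "tid": 5204}},
    {"seq": 2, "pid": 4120, "api": "WriteProcessMemory",
     "args": {"target_pid": 5200, "address": 0x400000, "size": 59392}},
    {"seq": 3, "pid": 4120, "api": "SetThreadContext",
     "args": {"target_pid": 5200, "tid": 5204}},
    {"seq": 4, "pid": 4120, "api": "ResumeThread",
     "args": {"target_pid": 5200, "tid": 5204}},
    {"seq": 5, "pid": 7000, "api": "SetThreadContext",
     "args": {"target_pid": 7000, "tid": 7012}},
]


def correlate(events):
    """Return a finding per cross-process SetThreadContext, with a verdict.

    'suspicious'  : caller changed a thread context in another process.
    'hollowing'   : in addition, the caller created that process suspended and
                    wrote into it before the context change.
    """
    suspended = {}   # (creator_pid, child_pid) -> seq of the CreateProcess
    written = set()  # (writer_pid, target_pid) pairs seen before the current event
    findings = []
    for ev in sorted(events, key=lambda e: e["seq"]):
        api, pid, args = ev["api"], ev["pid"], ev["args"]
        if api == "CreateProcess" and args.get("flags", 0) & CREATE_SUSPENDED:
            suspended[(pid, ev["ret"]["pid"])] = ev["seq"]
        elif api == "WriteProcessMemory" and args["target_pid"] != pid:
            written.add((pid, args["target_pid"]))
        elif api == "SetThreadContext":
            target = args["target_pid"]
            if target == pid:
                continue  # own thread: not cross-process, ignore
            key = (pid, target)
            verdict = "hollowing" if key in suspended and key in written else "suspicious"
            findings.append({"seq": ev["seq"], "caller": pid, "target": target,
                             "tid": args["tid"], "verdict": verdict})
    return findings


def hollowing_targets(events):
    """PIDs that received a hollowing verdict, for follow-up memory acquisition."""
    return sorted({f["target"] for f in correlate(events) if f["verdict"] == "hollowing"})


if __name__ == "__main__":
    for finding in correlate(SAMPLE_EVENTS):
        print(finding)
    print("dump these processes:", hollowing_targets(SAMPLE_EVENTS))
```

The `hollowing_targets()` list is the practical output: those processes hold the injected payload in memory and are the ones to dump before the sample's own image on disk, which is only a 58KB loader here.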

MITRE ATT&CK Matrix (ATT&CK v6)

  • Discovery: System Information Discovery (T1082), 1 hit

Tasks