General

  • Target

    zYqJmECKmhz499J.tar.lz

  • Size

    637KB

  • Sample

    220127-qylwzseac8

  • MD5

    5eaa5cab3c863997696362aace3316b4

  • SHA1

    33fe75c7113585c9fc858fbc59b0d6c3ac0aedd2

  • SHA256

    aa4fde12b9f19c7e808afcac87317972c6f6fec9b3a53e0bd80d2a02e7aed01f

  • SHA512

    213e2ce424c602a4aa4c3eb215b9a44764b4ca7f61aac21a7c09753c92aaad2f1edd07c518623f0bc1091f5962f7b01dc750a999f8f22650dd686c495e5270c5

Malware Config

  • Extracted

    • Family

      formbook

    • Version

      4.1

    • Campaign

      uegp

    • Decoy

      firstregaljewellers.com
      highgateshop.com
      sorialab4.online
      kurzneck.com
      zonetechservices.com
      akibul.net
      khukhuanphongkham.com
      lovelessneilsen.online
      scholarlyresearch-guide.net
      jagodda.com
      comitivatratando.com
      ynqjnx.com
      rodarle.xyz
      heroesjourneynft.com
      weltreise.xyz
      enstao.com
      istilllmail.com
      malayaoudh.com
      xsdgia.com
      palisadeslodging.com

Targets

    • Target

      zYqJmECKmhz499J.exe

    • Size

      1.1MB

    • MD5

      54a60fa86dd57e95fc68c25d2d2949a7

    • SHA1

      cac7af8b3cdeb3bc61593311f3a6851c82d01a69

    • SHA256

      b2bd364a32ee75888d9343bfc3a16b9eb58151fd94b4f3c38890f6ba2256b2e8

    • SHA512

      b95cfb7209f92084d0a70126e123d009f5b170a5526eeefcebeae136779952a02a90e4f799b18759ab21fd9c4277234cbba24f0d81b23d183dddebe49d61a692

    • Formbook

      Formbook is an information stealer: it hooks browsers and other applications to capture submitted form data and stored credentials, logs keystrokes and clipboard contents, takes screenshots, and can fetch and run further payloads on the operator's command. Its embedded configuration carries a list of domains in which the live C2 is mixed with decoys, which is why the report lists a "Decoy" set rather than a single C2 host.

    • Formbook Payload

      Signature match for the Formbook payload in the extracted executable (zYqJmECKmhz499J.exe).

    • Suspicious use of SetThreadContext

      The sample called SetThreadContext on another thread. Process-hollowing and thread-hijacking loaders use this call to redirect a suspended thread's instruction pointer to injected code before resuming it; legitimate software rarely does so.
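The decoy list and file hashes above are the indicators a defender would actually operationalise. The following is an added example, not part of the sandbox report: it turns the report's domain list into a DNS-log matcher (label-boundary matching, so a look-alike such as notenstao.com does not hit enstao.com) and adds a hash check for the extracted payload. The DNS log format and the sample log lines are constructed for the demonstration and are not from the sandbox run.

```python
import hashlib
import re
from typing import Iterable, List, Optional, Tuple

# Domains recovered from the Formbook 4.1 config in this report (campaign
# "uegp"). Formbook hides its live C2 among decoys, so every entry is
# treated as an indicator.
DECOY_DOMAINS = {
    "firstregaljewellers.com", "highgateshop.com", "sorialab4.online",
    "kurzneck.com", "zonetechservices.com", "akibul.net",
    "khukhuanphongkham.com", "lovelessneilsen.online",
    "scholarlyresearch-guide.net", "jagodda.com", "comitivatratando.com",
    "ynqjnx.com", "rodarle.xyz", "heroesjourneynft.com", "weltreise.xyz",
    "enstao.com", "istilllmail.com", "malayaoudh.com", "xsdgia.com",
    "palisadeslodging.com",
}

# SHA256 values as listed in the report for the archive and the payload.
ARCHIVE_SHA256 = "aa4fde12b9f19c7e808afcac87317972c6f6fec9b3a53e0bd80d2a02e7aed01f"
PAYLOAD_SHA256 = "b2bd364a32ee75888d9343bfc3a16b9eb58151fd94b4f3c38890f6ba2256b2e8"


def normalize_host(host: str) -> str:
    """Lower-case and strip the trailing dot that DNS loggers often emit."""
    return host.strip().lower().rstrip(".")


def matching_indicator(host: str) -> Optional[str]:
    """Return the indicator that host equals or is a subdomain of, else None.

    Matching is done on label boundaries: 'www.enstao.com' matches
    'enstao.com', but 'notenstao.com' does not.
    """
    h = normalize_host(host)
    for indicator in DECOY_DOMAINS:
        if h == indicator or h.endswith("." + indicator):
            return indicator
    return None


# Constructed log format (an assumption for this example, not from the
# report): "<timestamp> <client_ip> query <qname> <qtype>"
_DNS_LINE = re.compile(r"^(\S+) (\S+) query (\S+) (\S+)$")


def scan_dns_log(lines: Iterable[str]) -> List[Tuple[str, str, str]]:
    """Return (timestamp, client_ip, indicator) for each line that hits an indicator."""
    hits: List[Tuple[str, str, str]] = []
    for line in lines:
        m = _DNS_LINE.match(line.strip())
        if not m:
            continue  # unparseable lines are skipped, not treated as hits
        ts, client, qname, _qtype = m.groups()
        indicator = matching_indicator(qname)
        if indicator:
            hits.append((ts, client, indicator))
    return hits


def sha256_of(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def verify_sample(data: bytes, expected_sha256: str) -> bool:
    """Check that file contents hash to the value the report lists."""
    return sha256_of(data) == expected_sha256.lower()


# Constructed DNS log lines for the demonstration (not from the sandbox run).
SAMPLE_DNS_LOG = [
    "2022-01-27T10:01:02Z 10.0.0.15 query www.enstao.com. A",
    "2022-01-27T10:01:03Z 10.0.0.15 query notenstao.com A",
    "2022-01-27T10:01:04Z 10.0.0.22 query XSDGIA.COM A",
    "2022-01-27T10:01:05Z 10.0.0.22 query update.microsoft.com A",
    "garbage line that does not parse",
]

if __name__ == "__main__":
    for ts, client, indicator in scan_dns_log(SAMPLE_DNS_LOG):
        print(f"{ts} {client} -> {indicator}")
```

To check a file on disk, read it in binary mode and pass the bytes with the matching constant, e.g. verify_sample(open("zYqJmECKmhz499J.exe", "rb").read(), PAYLOAD_SHA256); a False result means the file is not the sample this report describes.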
