General

  • Target

    d1eddd348ee11e3da00c9f45fa1fb94e3b174c8abe780a7d764bd22f62980e8e.exe

  • Size

    404KB

  • Sample

    220127-wqhr9aggbn

  • MD5

    ac889675aa282449205f31cd4f46f3d6

  • SHA1

    50115144e96337ed3bfe27480a82300002310400

  • SHA256

    d1eddd348ee11e3da00c9f45fa1fb94e3b174c8abe780a7d764bd22f62980e8e

  • SHA512

    3a32641a515063fa9d062fa78a778f5f05088707af2a431904c37a0d772145e02617a172be9a74fe65c64b4b3e3dcca82aedf351ccbc4bb5b22e29a0ad6742dd

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

jy93

Decoy

Targets

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook Payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks