General

  • Target

    hussanbinzx.exe

  • Size

    400KB

  • Sample

    220209-laxw5ahgd4

  • MD5

    cb5cd9f8250eaf3861f8774f431032b4

  • SHA1

    1de8f273480f80f18d070f1f71aa722923759137

  • SHA256

    7357d3e9a33b53dcaf335fecb11100acf0fbeeec2ebf668634de7cd1ba931ae1

  • SHA512

    f7b4bc3996fee5fa1606a85f3d3cce6a1dbd6f14a133c81db0061b91528fc36c9856bd684b5d111ad387fff539720391fc2afd52c3b5803a7e192471a21e74cc

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

k2i4

Decoy

apehangersbikersgang.com

lhcgrou.com

diveidf.com

timtas.store

jadebody.club

iamjbrussell.com

fwfuv.icu

picchealth.net

batuair.com

z58609.com

punarecotech.com

a-oct.com

xn--wmq0c1qt9mcxhxjkp16a.top

district99.net

5dcoding.com

aripagripoff.biz

abtheagent.com

betterskincareco.com

jsskylight.com

deviseoffice.com
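The hashes in the General section and the decoy domain list above are the parts of this report a responder can act on. Formbook's extracted config carries a batch of decoy domains alongside the real C2 so that its beaconing blends in, and the decoys can include ordinary, legitimate sites, so a match on one of them is a pivot for triage rather than proof of infection on its own. The following is an added example, not code from the report or from the sandbox vendor: it re-hashes a file and checks it against the values listed here, and matches DNS query names against the decoy list with the normalisation a practitioner actually needs (case, trailing dot, subdomains, punycode). The tab-separated log lines and the helper names are constructed for this example and do not correspond to any real product's format.

```python
"""Operationalise the IOCs above: hash check plus decoy-domain matching.

Added example. The log layout (ts, src_ip, query; tab-separated) and all
function names here are assumptions made for illustration.
"""
import hashlib
from typing import Dict, Iterable, List, Optional, Tuple

# Values as listed in the report's General / Targets sections.
REPORT_HASHES: Dict[str, str] = {
    "md5": "cb5cd9f8250eaf3861f8774f431032b4",
    "sha1": "1de8f273480f80f18d070f1f71aa722923759137",
    "sha256": "7357d3e9a33b53dcaf335fecb11100acf0fbeeec2ebf668634de7cd1ba931ae1",
    "sha512": "f7b4bc3996fee5fa1606a85f3d3cce6a1dbd6f14a133c81db0061b91528fc36c"
              "9856bd684b5d111ad387fff539720391fc2afd52c3b5803a7e192471a21e74cc",
}

# Decoy domains from the extracted Formbook config above.
DECOY_DOMAINS = frozenset({
    "apehangersbikersgang.com", "lhcgrou.com", "diveidf.com", "timtas.store",
    "jadebody.club", "iamjbrussell.com", "fwfuv.icu", "picchealth.net",
    "batuair.com", "z58609.com", "punarecotech.com", "a-oct.com",
    "xn--wmq0c1qt9mcxhxjkp16a.top", "district99.net", "5dcoding.com",
    "aripagripoff.biz", "abtheagent.com", "betterskincareco.com",
    "jsskylight.com", "deviseoffice.com",
})

# Constructed DNS log: one query from a decoy subdomain, one with a trailing
# dot, one benign lookup and one near-miss that must not match.
SAMPLE_DNS_LOG = (
    "1644404010.123\t10.0.0.21\twww.timtas.store\n"
    "1644404011.456\t10.0.0.21\tupdate.microsoft.com\n"
    "1644404012.789\t10.0.0.37\tdiveidf.com.\n"
    "1644404013.012\t10.0.0.21\tnotlhcgrou.com\n"
)


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Digest an in-memory blob with every algorithm the report lists."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in REPORT_HASHES}


def hash_file(path: str, chunk: int = 1 << 20) -> Dict[str, str]:
    """Digest a file in one streaming pass, feeding all hashers per chunk."""
    hashers = {algo: hashlib.new(algo) for algo in REPORT_HASHES}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def matches_report(digests: Dict[str, str]) -> List[str]:
    """Algorithms (sorted) for which `digests` equals the report's value."""
    return sorted(a for a, v in REPORT_HASHES.items()
                  if digests.get(a, "").lower() == v)


def normalize_host(host: str) -> str:
    """Lower-case, drop trailing dot and port, convert Unicode to punycode."""
    host = host.strip().rstrip(".").lower().split(":", 1)[0]
    try:
        # The config stores IDNs in xn-- form, so logged Unicode names are
        # converted before comparison.
        host = host.encode("idna").decode("ascii")
    except UnicodeError:
        pass  # over-long or malformed label: compare the raw string instead
    return host


def decoy_for(host: str) -> Optional[str]:
    """Return the decoy domain that `host` equals or is a subdomain of."""
    labels = normalize_host(host).split(".")
    # Walk parent domains on label boundaries; never test the bare TLD.
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in DECOY_DOMAINS:
            return candidate
    return None


def scan_dns_log(lines: Iterable[str]) -> List[Tuple[str, str, str, str]]:
    """Yield (ts, src_ip, query, decoy) for every query hitting the list."""
    hits: List[Tuple[str, str, str, str]] = []
    for line in lines:
        fields = line.rstrip("\n").split("\t")
        if len(fields) < 3 or fields[0].startswith("#"):
            continue
        ts, src, query = fields[:3]
        decoy = decoy_for(query)
        if decoy:
            hits.append((ts, src, query, decoy))
    return hits


if __name__ == "__main__":
    import sys
    for hit in scan_dns_log(SAMPLE_DNS_LOG.splitlines()):
        print("decoy hit:", hit)
    if len(sys.argv) > 1:  # optional: path of a file to verify against the report
        print("hash match on:", matches_report(hash_file(sys.argv[1])) or "none")
```

Run it with the path of a suspected sample as the only argument to confirm it is this exact binary before spending analysis time on it; a hit on any one algorithm is enough, since the report lists all four for the same file. Hosts that resolve one of the decoys should be correlated with the other behaviour listed under Targets (self-deletion, SetThreadContext use) before being treated as infected.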

Targets

    • Target

      hussanbinzx.exe

    • Size

      400KB

    • MD5

      cb5cd9f8250eaf3861f8774f431032b4

    • SHA1

      1de8f273480f80f18d070f1f71aa722923759137

    • SHA256

      7357d3e9a33b53dcaf335fecb11100acf0fbeeec2ebf668634de7cd1ba931ae1

    • SHA512

      f7b4bc3996fee5fa1606a85f3d3cce6a1dbd6f14a133c81db0061b91528fc36c9856bd684b5d111ad387fff539720391fc2afd52c3b5803a7e192471a21e74cc

    • Formbook

      Formbook is an information-stealing malware family: it logs keystrokes, grabs form data and stored credentials from browsers and other clients, and can take screenshots and run commands received from its C2.

    • Formbook Payload

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks