General

  • Target

    311b93b14784397cf373e4e6a7dfe76df264b4899e734cfc8ef031c004506f86

  • Size

    255KB

  • Sample

    220521-px7avsgbf3

  • MD5

    08f9998951ebdb47b0144fe42b23c17a

  • SHA1

    890400560438c1ef42c6e99bd18a12164cf0299a

  • SHA256

    311b93b14784397cf373e4e6a7dfe76df264b4899e734cfc8ef031c004506f86

  • SHA512

    2ec2945c2ce419b59150905c7d79aa4b58c5ca205b760e054993097368ac5de5463686b88502a21ffa0b55b9b6442385d5d4595e31c15ea8a21b07087a091d03

Malware Config

Extracted

Family

formbook

Version

3.9

Campaign

eb96

Decoy


Targets

    • Target

      DHLAWB TRACKING DETAILS..exe

    • Size

      300KB

    • MD5

      04b64453c95193d6cebe5b7d00915d75

    • SHA1

      4ab5e5fd31ab5d071ab09d8543ebe9551f63b2b1

    • SHA256

      967a6989b7dedfe073c92760bb62a30fa4348109a839d987fe9a0bce6d1d5f2d

    • SHA512

      ad1ab62df00b201d0893a001cc0d789b1b6a8c32a849d69fdc7620f3e2aedca426ba434386fcc513c0cf13eab66a1a0ebc5c146c33d7e2b1699367853414b3c0

    • Formbook

      Formbook is a data-stealing malware family (an information stealer).

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

    • Formbook Payload

    • Adds policy Run key to start application

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other profile data.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence

    Registry Run Keys / Startup Folder (T1060): 2

  • Defense Evasion

    Modify Registry (T1112): 3

  • Credential Access

    Credentials in Files (T1081): 1

  • Discovery

    Query Registry (T1012): 1

    System Information Discovery (T1082): 1

  • Collection

    Data from Local System (T1005): 1

Tasks