bc5af6d6aa8b703a81fe8ba15788bf4de8bc9f5c69d300eb15559df8960b3232

General
Target

bc5af6d6aa8b703a81fe8ba15788bf4de8bc9f5c69d300eb15559df8960b3232

Size

502KB

Sample

220521-xev4waehdk

Score

10/10
MD5

7101fce5a4db622570268cdb05a1fc42

SHA1

c6b7526738e5ac5068f8e070e8336cb4c1960ceb

SHA256

bc5af6d6aa8b703a81fe8ba15788bf4de8bc9f5c69d300eb15559df8960b3232

SHA512

9b7fa9b2aaf112d702cc65ab08c13f7b6815a4429d32b84c72efd8f773e96c55ab4d7372e80d343a7f2b5480baddb09cabd811135b2436cb2e44521e8793779a

Malware Config

Extracted

Family formbook
Version 4.1
Campaign 3nop
Decoy

  • bakecakesandmore.com
  • shenglisuoye.com
  • chinapopfactory.com
  • ynlrhd.com
  • liqourforyou.com
  • leonqamil.com
  • meccafon.com
  • online-marketing-strategie.biz
  • rbfxi.com
  • frseyb.info
  • leyu91.com
  • hotsmail.today
  • beepot.tech
  • dunaemmetmobility.com
  • sixpenceworkshop.com
  • incrediblefavorcoaching.com
  • pofo.info
  • yanshudaili.com
  • yellowbrickwedding.com
  • paintpartyblueprint.com
  • capricorn1967.com
  • meucarrapicho.com
  • 41230793.net
  • yoghurtberry.com
  • wv0uoagz0yr.biz
  • yfjbupes.com
  • mindfulinthemadness.com
  • deloslifesciences.com
  • adokristal.com
  • vandergardetuinmeubelshop.com
  • janewagtus.com
  • cloudmorning.com
  • foresteryt01.com
  • accident-law-yer.info
  • divorcerefinance.guru
  • wenxiban.com
  • 589man.com
  • rockerdwe.com
  • duftkerzen.info
  • igametalent.com
  • yoursafetraffictoupdates.review
  • jialingjiangpubu.com
  • maximscrapbooking.com
  • 20sf.info
  • shadowlandswitchery.com
  • pmbnc.info
  • shoppingdrift.online
  • potashdragon.com
  • ubkswmpes.com
  • 064ewj.info

Targets
Target

Attached is list of our purchase order.exe

MD5

51c0b8ed8fefbc54a2dee932441e60f5

Filesize

1018KB

Score

10/10
SHA1

f1725101ee1c02864a3e829d08d9062d9f05a694

SHA256

ab654da16e2c42b2547b884c79f0829214b34e0d1db7ab0ad23271a66f3298c3

SHA512

1d596345a1e54f24de8e2b2d086eed00ec822caab7b985abae37df15d300419ef0e0dc81d7154b73c89a2fa74b9fecc4d42f7fb09f56cb0e33e415056baf8804

Signatures

  • Formbook

    Description

    Formbook is a data-stealing malware family (infostealer).

  • suricata: ET MALWARE FormBook CnC Checkin (GET)

    Description

    suricata: ET MALWARE FormBook CnC Checkin (GET)

  • Formbook Payload

  • Adds policy Run key to start application

    TTPs

    Registry Run Keys / Startup Folder, Modify Registry

  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials etc.

    TTPs

    Data from Local System, Credentials in Files

  • Adds Run key to start application

    TTPs

    Registry Run Keys / Startup Folder, Modify Registry

  • Legitimate hosting services abused for malware hosting/C2

    TTPs

    Web Service

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

  • Command and Control
  • Credential Access
  • Defense Evasion
  • Discovery
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Privilege Escalation