acc4d8e95dd29d9938aa45721d589407dd9e2712e6035d620068709c1bbe600e

General

Target acc4d8e95dd29d9938aa45721d589407dd9e2712e6035d620068709c1bbe600e
Size 241KB
Sample 220521-xew16sbeg6
Score 10/10
MD5 45b61bca34efec06eba0469fe2003b55
SHA1 a2c05569f3205d6d682ea409293469867489f729
SHA256 acc4d8e95dd29d9938aa45721d589407dd9e2712e6035d620068709c1bbe600e
SHA512 eda1cafbb7c3497e009feabe99d157b8a392b401ee9a96589e9ea3d375ec5796f81b1a8e092a77750f92f601b15bc84d7df2495b7390f40c3b896a46cd1d1224

Malware Config

Extracted

Family formbook
Version 4.1
Campaign n7ak
Decoy


Targets

Target products samples.exe
MD5 e64f048c8c196195443a74e911748666
Filesize 494KB
Score 10/10
SHA1 42d24e14f852afba26c793bf4063ad80f581452a
SHA256 cbb6d89187847aab1fcff6b5d832ea80bca30bfe5520702133cab83335392ead
SHA512 0101a9d60cfbf7dbabf5e7c3d119c12bd5774926387fb51606e5715ee80554c8311b5bc2060e4a329199a696799a593b8a7b4af9315c06a009228e3832e56f75

Tags

Signatures

  • Formbook

    Description

    Formbook is a data-stealing (information-stealer) malware family.

    Tags

  • suricata: ET MALWARE FormBook CnC Checkin (GET)

    Tags

  • suricata: ET MALWARE FormBook CnC Checkin (POST) M2

    Tags

  • Formbook Payload

    Tags

  • Adds policy Run key to start application

    Tags

    TTPs

    Registry Run Keys / Startup Folder
    Modify Registry

  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials etc.

    Tags

    TTPs

    Data from Local System
    Credentials in Files

  • Adds Run key to start application

    Tags

    TTPs

    Registry Run Keys / Startup Folder
    Modify Registry

  • Legitimate hosting services abused for malware hosting/C2

    TTPs

    Web Service
  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix

  • Command and Control
  • Credential Access
  • Defense Evasion
  • Discovery
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Privilege Escalation