General

  • Target

    aec8a50a932ca187c7c0745772ac12db

  • Size

    896KB

  • Sample

    220623-shv6tsdfdq

  • MD5

    aec8a50a932ca187c7c0745772ac12db

  • SHA1

    dcbc7db37f8840164f7979d6967020f245c9958a

  • SHA256

    a700153db70dd52ea66a74fc09145bbcf39a8019a7d31f733e8ef204494ca6ab

  • SHA512

    c017175f5ef00aad1b080c92cc9e6a70d2ef4a8a9c0a233c776922b15712b8196fe1b91f5007b461ed4090b2b0033fe5edfc1d912fae8160696c645589a02a9d

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

g2fg

Decoy

snowcrash.website

pointman.us

newheartvalve.care

drandl.com

sandspringsramblers.com

programagubernamental.online

boja.us

mvrsnike.com

mentallyillmotherhood.com

facom.us

programagubernamental.store

izivente.com

roller-v.fr

amazonbioactives.com

metaverseapple.xyz

5gt-mobilevsverizon.com

gtwebsolutions.co

scottdunn.life

usdp.trade

pikmin.run

Targets

    • Target

      aec8a50a932ca187c7c0745772ac12db

    • Size

      896KB

    • MD5

      aec8a50a932ca187c7c0745772ac12db

    • SHA1

      dcbc7db37f8840164f7979d6967020f245c9958a

    • SHA256

      a700153db70dd52ea66a74fc09145bbcf39a8019a7d31f733e8ef204494ca6ab

    • SHA512

      c017175f5ef00aad1b080c92cc9e6a70d2ef4a8a9c0a233c776922b15712b8196fe1b91f5007b461ed4090b2b0033fe5edfc1d912fae8160696c645589a02a9d

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

    • Formbook Payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Tasks