aec8a50a932ca187c7c0745772ac12db

General

Target: aec8a50a932ca187c7c0745772ac12db
Size: 896KB
Sample: 220623-shv6tsdfdq
Score: 10/10
MD5: aec8a50a932ca187c7c0745772ac12db
SHA1: dcbc7db37f8840164f7979d6967020f245c9958a
SHA256: a700153db70dd52ea66a74fc09145bbcf39a8019a7d31f733e8ef204494ca6ab
SHA512: c017175f5ef00aad1b080c92cc9e6a70d2ef4a8a9c0a233c776922b15712b8196fe1b91f5007b461ed4090b2b0033fe5edfc1d912fae8160696c645589a02a9d

Malware Config

Extracted

Family: formbook
Version: 4.1
Campaign: g2fg
Decoy domains:

snowcrash.website
pointman.us
newheartvalve.care
drandl.com
sandspringsramblers.com
programagubernamental.online
boja.us
mvrsnike.com
mentallyillmotherhood.com
facom.us
programagubernamental.store
izivente.com
roller-v.fr
amazonbioactives.com
metaverseapple.xyz
5gt-mobilevsverizon.com
gtwebsolutions.co
scottdunn.life
usdp.trade
pikmin.run
cardano-dogs.com
bf2hgfy.xyz
teslafoot.com
rubertquintana.com
wellsfargroewards.com
santel.us
couponatonline.com
theunitedhomeland.com
pmstnly.com
strlocal.com
shelleysmucker.com
youser.online
emansdesign.com
usnikeshoesbot.top
starfish.press
scotwork.us
metamorgana.com
onyxbx.net
rivas.company
firstcoastalfb.com
onpurposetraumainformedcare.com
celimot.xyz
jecunikepemej.rest
lenovolatenightit.com
unitedsterlingcompanyky.com
safety2venture.us
facebookismetanow.com
scottdunn.review
mentallyillmotherhood.com
firstincargo.com

Targets

Target: aec8a50a932ca187c7c0745772ac12db
MD5: aec8a50a932ca187c7c0745772ac12db
Filesize: 896KB
Score: 10/10
SHA1: dcbc7db37f8840164f7979d6967020f245c9958a
SHA256: a700153db70dd52ea66a74fc09145bbcf39a8019a7d31f733e8ef204494ca6ab
SHA512: c017175f5ef00aad1b080c92cc9e6a70d2ef4a8a9c0a233c776922b15712b8196fe1b91f5007b461ed4090b2b0033fe5edfc1d912fae8160696c645589a02a9d

Tags

Signatures

  • Formbook

    Description

    Formbook is a data-stealing malware family that harvests information from infected hosts.

    Tags

  • Formbook Payload

    Tags

  • Checks computer location settings

    Description

    Looks up the country code configured in the registry, likely as a geofence.

    TTPs

    Query Registry
    System Information Discovery

  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix

Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation

Tasks

static1