General

  • Target

    43e5b4d8f0e6ce3e201c1e829556ebd9f1a67806296180ed29dcdbf387afd19d

  • Size

    639KB

  • Sample

    220707-1argnseec6

  • MD5

    a8a83c5be8fac24c516269133b54356b

  • SHA1

    93f4b8f93bf8e1e4fa25e28c9f26e5043f915486

  • SHA256

    43e5b4d8f0e6ce3e201c1e829556ebd9f1a67806296180ed29dcdbf387afd19d

  • SHA512

    9615c3bfc64449a62a2492c935d5750c44f4d136013ba7cef407989d42c65749a7258b1f78d132c928e1e1a0b2863d0d34e9ba598be799e8f3ce82607cbb55ca

Malware Config

Extracted

Family

formbook

Version

3.8

Campaign

h35

Decoy

maraudersinc.com

liebianwangluo.com

visit-australia.info

machiyane-kasukabe.com

hafizclub.com

merkburn.net

favoritetraffic2updating.win

adrian-oeser.net

nkshopdomaincpplt234.info

imperiodofutebol.com

welometocaloundra.com

thehealthypose.com

squalloptna.com

bobknowsbest.com

damgproperties.com

wastemastershire.co.uk

swacballet.com

japanbreakingnews.com

bjufaa.info

aryakuza.com

Targets

    • Target

      43e5b4d8f0e6ce3e201c1e829556ebd9f1a67806296180ed29dcdbf387afd19d

    • Size

      639KB

    • MD5

      a8a83c5be8fac24c516269133b54356b

    • SHA1

      93f4b8f93bf8e1e4fa25e28c9f26e5043f915486

    • SHA256

      43e5b4d8f0e6ce3e201c1e829556ebd9f1a67806296180ed29dcdbf387afd19d

    • SHA512

      9615c3bfc64449a62a2492c935d5750c44f4d136013ba7cef407989d42c65749a7258b1f78d132c928e1e1a0b2863d0d34e9ba598be799e8f3ce82607cbb55ca

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata: ET MALWARE FormBook CnC Checkin (GET)

    • Formbook payload

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks