General

  • Target

    56e8e3a2d3330298f144767f1ef320fc3ecd1a968d47e8308486018dc224ea00

  • Size

    624KB

  • Sample

    220725-bpvefahaer

  • MD5

    0c67efeca56fee9e1978a87161db87ad

  • SHA1

    e54fa09cd9d897b8490de36033488c8c99687f82

  • SHA256

    56e8e3a2d3330298f144767f1ef320fc3ecd1a968d47e8308486018dc224ea00

  • SHA512

    3fb9dee3f078c28d8cf5f288a26e136b6a3f7664bec2b33d1f6835c367511a1e0cb1830318461d5003182c7fee3b3c5f64e54769db2d3c4b4fef591e5b3d3a95

Malware Config

Extracted

  • Family

    formbook

  • Version

    3.8

  • Campaign

    et

  • Decoy

    filmeedt06.com
    getbrave.net
    tdshome.com
    audioteck.net
    eplogovi.com
    verywedding.net
    biqiba.com
    learnandunderstand.science
    jsgxcxae.com
    9aop4k.link
    laceycphotography.com
    ldbberendsenreading.com
    life365coaching.com
    ambercampbell.photography
    activeliberal.win
    tupelocounseling.com
    finovice.com
    fantatressette.com
    sojah.store
    qhdljj.com

Targets

    • Formbook

      Formbook is a data-stealing malware family (infostealer).

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

    • Formbook payload

    • Adds policy Run key to start application

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic             Technique                            Count  ID
  Persistence        Registry Run Keys / Startup Folder   2      T1060
  Defense Evasion    Modify Registry                      4      T1112
  Credential Access  Credentials in Files                 1      T1081
  Discovery          System Information Discovery         1      T1082
  Collection         Data from Local System               1      T1005

Tasks