General

  • Target: pagamento.exe
  • Size: 480KB
  • Sample: 220725-k43tssbgdm
  • MD5: 3a4002d3317631eeb1f881895c271133
  • SHA1: 58d85737183dd1412346d998f9d9002d287f7fdc
  • SHA256: c209e51fed2f08a97ab57e446aedeef9c5fe68f8a4945545d38409990ab99e99
  • SHA512: abf2fa8a41a05fb536511ad028bc65cf87c661ae4e3be7eda6dedce9bbd168522f81cc501207b0fc5883d28b6a1c23389ef411426884366d2fe6e5c310cfb851

Malware Config

Extracted

  • Family: formbook
  • Version: 4.1
  • Campaign: nt19
  • Decoy domains:

      myryanhair.com
      quadrants.site
      uavhiring.com
      amqzoqn.com
      883996.xyz
      ahwconsultinggroup.com
      gdgsjl.com
      eye-catcher.site
      milestoninternet.com
      1weekweightloss.com
      donghwacos.com
      betpipo31.com
      novelty.mobi
      vo3t1n1pt.com
      pronodes.pro
      satserdova.com
      thekagaz.com
      aisopus.com
      nelsonwldwide.com
      alberguedawebb.makeup

Targets

    • Target: pagamento.exe, 480KB (MD5/SHA1/SHA256/SHA512 as listed under General above)

    • Formbook

      Formbook is an information-stealing malware family.

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

    • Formbook payload

    • Suspicious use of SetThreadContext
