General

  • Target

    payment proof.exe

  • Size

    493KB

  • Sample

    220731-cvpxksddg6

  • MD5

    5761413bffd820c6eada5b1e818260c8

  • SHA1

    0c5f8e8c6de6a21c2e1659af85437bad13ca5f4d

  • SHA256

    63937c9c934258896ea48860dca52f4e3b3838221798a688d3b7b5b4dfe0e2be

  • SHA512

    c859769c25f0027e48a18260addab4b58aea319a652d49eac5dccd9ae515ad877f115f257aa5208e1742260eb328236f3ed7f726e933779a383e8b14b3ab34b7

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    d27e

  • Decoy

    yourfitplan.online
    the-arches.wales
    shesashemale.com
    genesisairsystemsltd.com
    superpanoramas.com
    kaixinzx.com
    blockchainfacil.com
    migstrip.online
    fightfentanyl.net
    triviabritannica.site
    eineetnocni.xyz
    danibrito.com
    ghostmacro.com
    livechat-online.site
    adriftontonka.com
    iloveuae.mobi
    miaescorts.com
    taxrulings.com
    aobo123.top
    nostosmma.com

Targets

    • Target

      payment proof.exe

    • Size

      493KB

    • MD5

      5761413bffd820c6eada5b1e818260c8

    • SHA1

      0c5f8e8c6de6a21c2e1659af85437bad13ca5f4d

    • SHA256

      63937c9c934258896ea48860dca52f4e3b3838221798a688d3b7b5b4dfe0e2be

    • SHA512

      c859769c25f0027e48a18260addab4b58aea319a652d49eac5dccd9ae515ad877f115f257aa5208e1742260eb328236f3ed7f726e933779a383e8b14b3ab34b7

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar information.

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic              Technique                      Count  ID
  Execution           Scripting                      1      T1064
  Execution           Command-Line Interface         1      T1059
  Defense Evasion     Scripting                      1      T1064
  Defense Evasion     Modify Registry                1      T1112
  Credential Access   Credentials in Files           1      T1081
  Discovery           System Information Discovery   1      T1082
  Collection          Data from Local System         1      T1005

Tasks