General

  • Target

    4717b002bcdf79dfe269e96efd0f0302.exe

  • Size

    844KB

  • Sample

    220801-m11alsgfgp

  • MD5

    4717b002bcdf79dfe269e96efd0f0302

  • SHA1

    1ab32e14b40d4647ee7b71afecddbd499a421244

  • SHA256

    387d6219bdf75b7bea9272ea9b862aae3a964808469a8489b040b8e2b93b62bc

  • SHA512

    899c375e4b5a8999a3a66432facb22aa8da3ce369092620afa15a10b10d22de1e91dbfe0b324dd577a58b4751c58070fbbbe03b7a5f6a7dfc39a0b94276a7234

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

d27e

Decoy

lilysbusride.com

cloud-sechs.com

danpro.co.uk

wendoortech.com

playgroundrebellion.com

betventures.xyz

digimediasolution.net

abrahambetrayedus.com

whinefree.com

realeurolicence.com

makelovetrip.com

damediaagency.com

pinaralsan.com

5bobitw.com

shootingkarelia.online

website-staging.pro

manassadhvi.online

bathroomandkitcenking.com

realtormarket.net

dfysupport.com

Targets

    • Target

      4717b002bcdf79dfe269e96efd0f0302.exe

    • Size

      844KB

    • MD5

      4717b002bcdf79dfe269e96efd0f0302

    • SHA1

      1ab32e14b40d4647ee7b71afecddbd499a421244

    • SHA256

      387d6219bdf75b7bea9272ea9b862aae3a964808469a8489b040b8e2b93b62bc

    • SHA512

      899c375e4b5a8999a3a66432facb22aa8da3ce369092620afa15a10b10d22de1e91dbfe0b324dd577a58b4751c58070fbbbe03b7a5f6a7dfc39a0b94276a7234

    • Formbook

      Formbook is an information-stealing malware family (data stealer).

    • Formbook payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic                 Technique                      Count  ID
  ---------------------  -----------------------------  -----  -----
  Execution              Scheduled Task                 1      T1053
  Persistence            Scheduled Task                 1      T1053
  Privilege Escalation   Scheduled Task                 1      T1053
  Discovery              Query Registry                 1      T1012
  Discovery              System Information Discovery   2      T1082

Tasks