General

  • Target

    f6c8a8e5346a698e0733248a0ec6e323

  • Size

    320KB

  • Sample

    220806-hwhsjsecg6

  • MD5

    f6c8a8e5346a698e0733248a0ec6e323

  • SHA1

    6e0be3bcd53afae69635fdecb1b7f350f9306563

  • SHA256

    fc6dd1debc45ce8b420b281bda6fdf1bc103e4c977009a954924ca50d95bd7ba

  • SHA512

    076578e7d60d26215fb7f43b58873abda5ee83bf31d8969b0a0ca9a8bdf91774487ece9d6ffb6a32c57154269d84f9ac2c3926bc76e944b87c59fc9f2d5dfd84

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

eni9

Decoy

serenatutino.com

oshuncleaningservices.com

themodernring.com

elhoodurbano.com

borntobeabrand.com

wingene168.com

raising.cloud

kumen.store

azdistribution.store

myrecordingapp.com

minshu.info

zhongxiangxinge.com

linentemptation.com

corealestatevideo.com

carpection.com

mompreneur.services

ent34.com

udicoin.net

trulyclassical.com

paraalemdatela.com

Targets

    • Target

      f6c8a8e5346a698e0733248a0ec6e323

    • Size

      320KB

    • MD5

      f6c8a8e5346a698e0733248a0ec6e323

    • SHA1

      6e0be3bcd53afae69635fdecb1b7f350f9306563

    • SHA256

      fc6dd1debc45ce8b420b281bda6fdf1bc103e4c977009a954924ca50d95bd7ba

    • SHA512

      076578e7d60d26215fb7f43b58873abda5ee83bf31d8969b0a0ca9a8bdf91774487ece9d6ffb6a32c57154269d84f9ac2c3926bc76e944b87c59fc9f2d5dfd84

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

    • Formbook payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks