General

  • Size

    342KB

  • Sample

    220923-g52rcadda9

  • MD5

    7569ad8644074e28a6a9dba38e67b95a

  • SHA1

    10e73d912b5a6955161213a5f9004988ca4030ac

  • SHA256

    15eb688bffed96b0b324724e48b258dc6c6deb76d71310b26b01e1e12f26108c

  • SHA512

    15fe965c6e8abeff8f9b064122be640a78ca459a45c06f0f99150f979909208ca66693fc96808dca007670a3ace96f32b375b6a591efdb10dc9d9e8b824cb3ae

Malware Config

Extracted

Family

formbook

Campaign

f4ca

Decoy

QYZ6iE9Y+CsiZpCBareS0uU=

N2FQLAaH6xXE

Vc6t0MQXN+Llxsqg

ElBedmSvYGGm6yLDhHqzAtmlCxWl

4VpIWShqHR5cpjfQ4bs=

mepO9miu/iFiQQ==

Z8Owqh54IlwEpDfQ4bs=

qcq4uT5HecWZG3EVwKTiUE7slrGQGiyo

IaYYoJikKDDqgV/NigZCLA==

4Xz5pfoCCW/76NnOUrFEOw==

xiijSkVJ3Yuh9OKDcmui/d2lCxWl

cr8MmfpCEu0ULsO3p6w=

JLm2yKHo7hdVb8O3p6w=

Hriy5svWm2Qfq9mPQib9jJI65gOr

2G3nkRpidunlxsqg

gPHUAeXmi8Q9ARy3

6l5WaOf8BxhQDkp5gKQ=

KHHiXs4WOqXZdPhpaw==

+UQ5Vz5O0Ms9ARy3

pNQygKu0OziAvjOHRGLnJA==

Targets

    • Target

      tmp

    • Size

      342KB

    • MD5

      7569ad8644074e28a6a9dba38e67b95a

    • SHA1

      10e73d912b5a6955161213a5f9004988ca4030ac

    • SHA256

      15eb688bffed96b0b324724e48b258dc6c6deb76d71310b26b01e1e12f26108c

    • SHA512

      15fe965c6e8abeff8f9b064122be640a78ca459a45c06f0f99150f979909208ca66693fc96808dca007670a3ace96f32b375b6a591efdb10dc9d9e8b824cb3ae

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

    • Blocklisted process makes network request

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Command and Control

    Credential Access

    Defense Evasion

    Execution

      Exfiltration

        Impact

          Initial Access

            Lateral Movement

              Persistence

                Privilege Escalation