General

  • Size: 913KB
  • Sample: 220923-g92xxaddb8
  • MD5: 41568942a27e81c66ef8b9f0dd0721c9
  • SHA1: d85a1f9be1d2ed1434440c002b276b88e08131bf
  • SHA256: fefe6dfd1e895647098d6bce13f51d2708d1e85604a502fd1998d4b38a3c217d
  • SHA512: e317aeec483795698e42ddc90a466db2f2b5748601ad061c942fb5cb6eebd9c92e4f3c8e57d33d6797e2ce7b2b009a8d06aaf1a000c64ae642ffe9408a097f7a

Malware Config

Extracted

  • Family: formbook
  • Version: 4.1
  • Campaign: sde7
  • Decoy: 20 decoy domains


Targets

    • Target: fefe6dfd1e895647098d6bce13f51d2708d1e85604a502fd1998d4b38a3c217d


    • Formbook: Formbook is a data-stealing malware family (an information stealer).
    • Formbook payload
    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tactic columns (no techniques were populated in this report): Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation