General

  • Target

    jets4431.exe

  • Size

    1.1MB

  • Sample

    220928-hcw6tsgcfr

  • MD5

    71415d61dd3a653e017514280a4e05c4

  • SHA1

    89bed5f613401c5816f3b22816f84d5f8067db3b

  • SHA256

    3ab1cc60bd5dca00fc6cad5cf3c0a7cccea610b20027c9db6b45f0b41860fba5

  • SHA512

    971407b4327c3a9fe1ff76f0ec84874522865ae08f338ec0985a1ef78066a59412d323a4a2731d33dec129c89355b7aa95fe36f4425db8ad6ea1151f5b9c2098

  • SSDEEP

    24576:UAOcZXcxP61ptWw+avL8pnp3qY7daGAuvZG31RMaas/xmR:CH+tWw+S8D3r70QA3XM9n

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

je14

Decoy

Targets

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Discovery

  • Query Registry

    T1012 (1)

  • System Information Discovery

    T1082 (2)

Tasks