General

  • Target

    8220676316.zip

  • Size

    1.1MB

  • Sample

    221017-tz2klscefl

  • MD5

    364a967fca587e33be3d986b3c9c1233

  • SHA1

    e37a287d1a1f3e302cc0769e1af587c96ec4f017

  • SHA256

    9b0bfd03394e34336bb2dc5bc9001243a95c553ca2cdaf3d79820787a4e39226

  • SHA512

    92d35f7268ac66c8f9040f83a2b7ef74753c4613b93d95fb72ccc94213835451f6d7a9248e479e11dd4495a969ea07abb2277967cd82f14b47799160cb29e038

  • SSDEEP

    24576:67vvgc2hRHdDbIL5R+CZ4v0ibL+0iLuWTvFrf05n9t3ns+ijPk4a26q:67Ic2hHDm5R+Ea6dHbFm9FgjPDa26q

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

je14

Decoy


Targets

    • Target

      jetsjets6654.exe

    • Size

      1.2MB

    • MD5

      957242e6d5769a32406189f7f05f50af

    • SHA1

      42297b45d76f9c475842fe6cbc60426aea470d8c

    • SHA256

      3eeec1884c0a7d2c7c49991d08bcf731f563fd55faff77cf02b5c6f73f34b5f1

    • SHA512

      e812a0d87b4c3af2bc2f7c25cb11256414a1b9577e405f8e0cfa86384bbdb998da21fdd015c17c57188db4e107b746acc0d579504b81050c6e1af05b101c305a

    • SSDEEP

      24576:iAOcZXp00Sjm2GbobhjkmK3cLSzv7w84UopeOH+2UNUquptQZCU:oDl44U3hvUUbJZupXU

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry (1): T1012

  • System Information Discovery (2): T1082

Tasks