General

  • Target

    SecuriteInfo.com.Trojan.Garf.Gen.7.4898.19865.exe

  • Size

    214KB

  • Sample

    221025-qqnevacgg8

  • MD5

    6b3d29a22eeea61a865cd1deaef52404

  • SHA1

    2dece08d70ac3a0d45c48d452a0c30a1e53b72e9

  • SHA256

    b4894e0512db4aba5a1fd05d2415b5ad5f73474d456c9c9ddba8753e5ba37597

  • SHA512

    bb16350dc81183e1f95c5d5a320bbfbc7a601f59430aa0436584b8f01e2d014229f60f0eddcf9186edbc01af71b2a4a79b01320e09867b0749a718f6ba0752d6

  • SSDEEP

    6144:qweEpIIIg4H0ppuob6GzeFAQeKjGiaRhIsmN5cxPqO3r:btIdH0Z6GSOQeKqiAhIGCg

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

je14

Decoy

innervisionbuildings.com

theenergysocialite.com

565548.com

panghr.com

onlyonesolutions.com

stjohnzone6.com

cnotes.rest

helfeb.online

xixi-s-inc.club

easilyentered.com

theshopx.store

mrclean-ac.com

miamibeachwateradventures.com

jpearce.co.uk

seseragi-bunkou.com

minimaddie.com

commbank-help-849c3.com

segohandelsonderneming.com

namthanhreal.com

fototerapi.online

Targets

    • Target

      SecuriteInfo.com.Trojan.Garf.Gen.7.4898.19865.exe
      (size and hashes identical to the General section above)

    • Formbook

      Formbook is a data-stealing malware family (an information stealer).

    • Formbook payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

System Information Discovery (T1082): 1

Tasks