General

  • Target

    Best quotations.exe

  • Size

    1.3MB

  • Sample

    221030-x3scwsgdhq

  • MD5

    7011f702f15e308ff767be16a05a2e67

  • SHA1

    7ca29e8daa2127e674c67287cd265c68a63e0be3

  • SHA256

    3d0400fb45ebf52e42f40e3c6c3c246a6c1e1550f8b974b848f57a4294084162

  • SHA512

    e31f3d7d61236806bf82c09ffcc4024420180b457c8afb40706d03158b0c7bfb53109d8c422053d4845925859b0cc13649057d111bfa6dee2d4b54fb8a32dd43

  • SSDEEP

    12288:AkgHCeMnTDHNXPxnpeb2DKoD9Pd9kXvVcfyPq9+RSLjA/f2LYr8YehtkdQ54mMSq:K7M3hDeb27Pd6VKZ1ubI1hF4mMSQO

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ng04

Decoy

tevimaq.com

easterspecialtystore.com

smartlever.tech

10312.uk

tanjawiharbi.co.uk

471338.com

horusventure.com

empress-care.com

sinrian.com

465951.com

aemsti.com

nxcourier.com

stargatefarms.com

lalyquainvestment.com

dailysportsadvice.com

justlistmoore.com

stoneonroll.online

tatianakolomiets.com

barcodebbm.com

protectorship.world
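The hashes and decoy domains above are the indicators a defender actually uses from this report. The following script is an added example, not part of the sandbox report: it copies the file hashes and the decoy list verbatim, hashes a file in chunks to compare against them, and scans DNS-style log lines (constructed here, in a hypothetical "timestamp client qname" shape) for queries to any decoy domain or its subdomains.

```python
"""Hunting helpers built from the indicators in this Formbook sandbox report.

Added example, not part of the original report. The hashes and decoy
domains below are copied from the report; the DNS log lines are constructed.
"""
import hashlib
import re

# File hashes of Best quotations.exe as listed in the report.
SAMPLE_HASHES = {
    "md5": "7011f702f15e308ff767be16a05a2e67",
    "sha1": "7ca29e8daa2127e674c67287cd265c68a63e0be3",
    "sha256": "3d0400fb45ebf52e42f40e3c6c3c246a6c1e1550f8b974b848f57a4294084162",
}

# Decoy domains extracted from the Formbook config (campaign ng04).
DECOY_DOMAINS = {
    "tevimaq.com", "easterspecialtystore.com", "smartlever.tech", "10312.uk",
    "tanjawiharbi.co.uk", "471338.com", "horusventure.com", "empress-care.com",
    "sinrian.com", "465951.com", "aemsti.com", "nxcourier.com",
    "stargatefarms.com", "lalyquainvestment.com", "dailysportsadvice.com",
    "justlistmoore.com", "stoneonroll.online", "tatianakolomiets.com",
    "barcodebbm.com", "protectorship.world",
}


def hash_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256 hex digests for an in-memory byte string."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def hash_file(path) -> dict:
    """Hash a file in 1 MiB chunks so large binaries need not fit in memory."""
    digests = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in digests.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in digests.items()}


def matches_sample(digests: dict) -> bool:
    """True if any supplied digest equals the report's hash for that algorithm.

    All three hashes describe the same file, so a feed that only carries
    SHA256 still identifies the sample.
    """
    return any(digests.get(algo) == value for algo, value in SAMPLE_HASHES.items())


def matching_decoy(qname: str):
    """Return the decoy domain a queried name falls under, or None.

    Matches the domain itself and any subdomain (www.tevimaq.com -> tevimaq.com)
    but not look-alikes such as nottevimaq.com. Trailing dots and case are
    normalised because resolver logs differ on both.
    """
    name = qname.lower().rstrip(".")
    for domain in DECOY_DOMAINS:
        if name == domain or name.endswith("." + domain):
            return domain
    return None


# Constructed DNS-log format (hypothetical): "<timestamp> <client-ip> <qname>".
DNS_LOG_LINE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<qname>\S+)$")


def hunt_dns(lines) -> list:
    """Parse log lines and return (client, qname, decoy) for every decoy hit."""
    hits = []
    for line in lines:
        m = DNS_LOG_LINE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than abort the hunt
        decoy = matching_decoy(m.group("qname"))
        if decoy:
            hits.append((m.group("client"), m.group("qname"), decoy))
    return hits


if __name__ == "__main__":
    # Constructed log lines, not from the report.
    sample_log = [
        "2022-10-30T12:00:01Z 10.0.0.15 www.tevimaq.com",
        "2022-10-30T12:00:02Z 10.0.0.15 example.org",
        "2022-10-30T12:00:03Z 10.0.0.22 smartlever.tech.",
        "2022-10-30T12:00:04Z 10.0.0.22 nottevimaq.com",
    ]
    for hit in hunt_dns(sample_log):
        print("decoy contact:", hit)
```

Two caveats when using the output. A Formbook config mixes its real C2 in with a long list of decoys and the bot contacts many of them, so a hit on one of these domains is good evidence of an infected host but does not tell you which domain is the operator's infrastructure; a host resolving several of them in a short window is the stronger signal. And the hashes only identify this exact build; a repacked sample will keep the decoy list and the SetThreadContext behaviour while changing every hash.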

Targets

    • Target

      Best quotations.exe

    • Size

      1.3MB

    • MD5

      7011f702f15e308ff767be16a05a2e67

    • SHA1

      7ca29e8daa2127e674c67287cd265c68a63e0be3

    • SHA256

      3d0400fb45ebf52e42f40e3c6c3c246a6c1e1550f8b974b848f57a4294084162

    • SHA512

      e31f3d7d61236806bf82c09ffcc4024420180b457c8afb40706d03158b0c7bfb53109d8c422053d4845925859b0cc13649057d111bfa6dee2d4b54fb8a32dd43

    • SSDEEP

      12288:AkgHCeMnTDHNXPxnpeb2DKoD9Pd9kXvVcfyPq9+RSLjA/f2LYr8YehtkdQ54mMSq:K7M3hDeb27Pd6VKZ1ubI1hF4mMSQO

    • Formbook

      Formbook is an information-stealing malware (form grabber) that steals credentials, keystrokes and form data from browsers and other applications and exfiltrates them to its C2.

    • Formbook payload

      The unpacked payload matched Formbook signatures; the decoy domains above were extracted from its config.

    • Deletes itself

      The sample removes its own executable after execution, so the original file is usually absent from an infected host's disk.

    • Suspicious use of SetThreadContext

      Rewriting another thread's context is a hallmark of process injection and hollowing, which Formbook uses to run its code inside a legitimate process.

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry (T1012): 1 signature

  • System Information Discovery (T1082): 1 signature
