General

  • Target

    8283182984.zip

  • Size

    202KB

  • Sample

    221103-szz64sebhm

  • MD5

    e266d28b637cf92e8d582da32e476c51

  • SHA1

    6431afdb97ff75b4b3adf8d22bb28e9407ce6ac4

  • SHA256

    387ffb226814e27323556e1ba7a7491c40b75e90c22630a03bab23e0692edc38

  • SHA512

    c9adce2ec6a21b990d0b52d9aa07314c30b59592039339d21ce5f379fb402ae1bbd62d07431fc435479f5c2c04a4fe48fbfd092539cfe25686eaaac2b37b6fc9

  • SSDEEP

    3072:tNWaLQ1GhBkc5VMMFzvdMevxrPIIHenYwERNHkej20URTnQnf7RE8Dd90qrL1+2R:tp01a5zMMFp2IHeYwE0eC0U6S8DLnAG

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

je14

Decoy

Targets

    • Target

      jetsoff6543.exe

    • Size

      214KB

    • MD5

      3052597dc463bafa0c102a204dbf58fc

    • SHA1

      bc083a8e34abfc24ea8b94b1325354ea2f4a08bb

    • SHA256

      84a150ec171d193dbd5738ade685f3225716b6945e59625ce458f0a9069860b8

    • SHA512

      9925797cf5061017bcfbf37ab968c0ddeda7e7abd6d2db8abb62aeb6ca0a711672b1cfd9c8a3ef7af07cedc9b7a4d8d0071a2371caabaacd9323d270ab6d4246

    • SSDEEP

      6144:qweEpoJiPJhQxjr858KG3NLsJrdtvUlAg:boJi0xnYUaJpx5g

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • System Information Discovery (2): T1082

  • Query Registry (1): T1012

Tasks