General

  • Target: tmp
  • Size: 631KB
  • Sample: 221105-et5yhsdeh3
  • MD5: 7d6ff1922141c5a973665b8fbf23ad28
  • SHA1: d3e359ba67218bc6ee10a87fb4e5f4d811f2b8cd
  • SHA256: 9c22f08fc1cbbb249b54adba03b6a03957cef4181c4161401085db2dd4383570
  • SHA512: 009cb7a687d11300a01ebf506abd0d91bc43b199ac8bea0155cfc9c86ae19640fbb2422ed4390ee2c0b4ffa7501849b6e225bbd25300d032e107e7a03baede7e
  • SSDEEP: 12288:AwhuJ1Qvhzps7LZ3CUlebztjq7dfaveSS8Ol7amatoVYX9csg87:zuJWs7LZoztjqTS5Ol7akVYXy5

Malware Config (extracted)

  • Family: formbook
  • Version: 4.1
  • Campaign: d06c
  • Decoy domains:


Targets

  • Target: tmp (631KB; hashes as listed under General)

  • Formbook: Formbook is an information-stealing malware family.
  • Formbook payload
  • Blocklisted process makes network request
  • Deletes itself
  • Suspicious use of SetThreadContext
