General

  • Target

    RE CNHTC--PO confirmation7876765655545654.exe

  • Size

    1.1MB

  • Sample

    221123-w1f2eagd5z

  • MD5

    3fe6259ed37afe425f5062f917897fe8

  • SHA1

    1ee3b44562f12d7236ad8b635f282532a7586e7d

  • SHA256

    f875be79be10a88a9a5c815b0676cbfc58f48e7524f2e4d383b2d7ef63d2e306

  • SHA512

    ba748a8fd1fc131fdd634d6ef77ee5325e6ad15f719d21e7d3932e96222ec72f269ee516421ee9c240be21b847e5ba94e66111d974d1aefcfd4a038833824807

  • SSDEEP

    24576:OKoG74DjPRhmKOC9Gbnn32Nd/xCjqdOp:O074fPLmuAbnn32Nd/CqdO

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ned5

Decoy

asian-dating-42620.com

ttg06.com

cupandbelle.com

prepaidprocess.com

jrzkt.com

hdgby2.com

finnnann.com

chillpill-shoppygood.com

sfdgg.online

articlerewritertool.net

cdjxsculture.com

omnificare.info

lasafblanch.com

omaxfort.xyz

spk.info

shb1368.com

jewelry-10484.com

hubsp0t.com

shronky.com

yangjh34.com

Targets

    • Target

      RE CNHTC--PO confirmation7876765655545654.exe

    • Size

      1.1MB

    • MD5

      3fe6259ed37afe425f5062f917897fe8

    • SHA1

      1ee3b44562f12d7236ad8b635f282532a7586e7d

    • SHA256

      f875be79be10a88a9a5c815b0676cbfc58f48e7524f2e4d383b2d7ef63d2e306

    • SHA512

      ba748a8fd1fc131fdd634d6ef77ee5325e6ad15f719d21e7d3932e96222ec72f269ee516421ee9c240be21b847e5ba94e66111d974d1aefcfd4a038833824807

    • SSDEEP

      24576:OKoG74DjPRhmKOC9Gbnn32Nd/xCjqdOp:O074fPLmuAbnn32Nd/CqdO

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

    • Formbook payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks