General

  • Target

    file.exe

  • Size

    260KB

  • Sample

    221128-q6y7aagg63

  • MD5

    31319144a917439aa8e961cce95f82ee

  • SHA1

    eaea6b758bdba74243099d60e8dd65dcbb524351

  • SHA256

    b4455821387f7c5571cf3aa28abde41c188593a4cb5f59d0f1e9c368db49348b

  • SHA512

    0d28854203e99f9d35fbbb920a23d9829cfad3a2583d42c77515709963c347282737b7ac545673a3b7951c4e44e4c4c37209780ef9a498eeca1ac81948dccf62

  • SSDEEP

    6144:DN92Cag76LSVVz83bwo0SEkRMUEU4zRkaYKGfb:DNQg76LSV4Hf72XU4zRyKGfb
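
Before detonating or sharing a copy of this sample, confirm that the file in hand is the one the report describes. The following is an added example (not part of the original report or the sandbox's own tooling): it streams a file through MD5, SHA1, SHA256 and SHA512 in a single pass and compares the results with the values listed above. The report values are copied verbatim; the file path is an assumed command-line argument, and the SSDEEP value is deliberately not checked because fuzzy hashing needs a third-party library.

```python
import hashlib
import sys

# Hash values copied from the report above for file.exe (260KB).
REPORT_HASHES = {
    "md5": "31319144a917439aa8e961cce95f82ee",
    "sha1": "eaea6b758bdba74243099d60e8dd65dcbb524351",
    "sha256": "b4455821387f7c5571cf3aa28abde41c188593a4cb5f59d0f1e9c368db49348b",
    "sha512": "0d28854203e99f9d35fbbb920a23d9829cfad3a2583d42c77515709963c347282737b7ac545673a3b7951c4e44e4c4c37209780ef9a498eeca1ac81948dccf62",
}


def _digest_chunks(chunks):
    """Feed every chunk into all four digests at once; returns {algo: hexdigest}."""
    digests = {name: hashlib.new(name) for name in REPORT_HASHES}
    for chunk in chunks:
        for d in digests.values():
            d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def hash_bytes(data):
    """Hash an in-memory byte string (used for small inputs and for tests)."""
    return _digest_chunks([data])


def hash_file(path, chunk_size=1 << 20):
    """Hash a file from disk without loading it whole into memory."""
    with open(path, "rb") as fh:
        return _digest_chunks(iter(lambda: fh.read(chunk_size), b""))


def find_mismatches(actual, report=REPORT_HASHES):
    """Return {algo: (expected, actual)} for every digest that differs.

    Comparison is case-insensitive so hashes pasted from other tools still match.
    """
    return {
        name: (expected, actual[name])
        for name, expected in report.items()
        if actual[name].lower() != expected.lower()
    }


def verify_sample(path):
    """True if every digest of the file at `path` matches the report."""
    return not find_mismatches(hash_file(path))


if __name__ == "__main__":
    # Assumed usage: python verify.py <path-to-file.exe>
    target = sys.argv[1]
    mismatches = find_mismatches(hash_file(target))
    if not mismatches:
        print("OK: all digests match the report")
    else:
        for algo, (expected, got) in mismatches.items():
            print(f"MISMATCH {algo}: report={expected} file={got}")
        sys.exit(1)
```

A mismatch in any one algorithm is enough to reject the file; agreeing on MD5 alone is not, since MD5 collisions are practical and a modified copy could be crafted to keep the short digests while changing the SHA256.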

Malware Config

Extracted

Family

formbook

Campaign

tu7g

Decoy

fbbktzFKN8MB1h8=

FPidEXGfkl0WqgXoVhHehw==

iHEjIL7XwJdpN6Er4Evhu03o

fHQTMsjqD3cPpQ==

VDXmCsr22oYhshz/Fg305nF21Q==

j4ZHfk5rRf6tVtwbMRU=

AORqAXKWy4R+//VwFdB6VVk=

9PW0Yw9RkIfer5+/bum7nlxwy1QfDQ==

ZU8mUjRgSOn3d0eFD3puQgVpnaAj

nlHgT2aJaMMB1h8=

+qc6XcgwdjVsEgKQ2zT+

/gCHJbBZrWjx1OZN40Hhu03o

48dX+WeLWAjFZMR2lItP8bJ87X4=

+N6H9VVzix7uogI=

Jf/NAPQe+8we7uftVhHehw==

YmANk8T+ix7uogI=

GTKxpLAYsJTl

pT8FM/QacYAV/+VInxn0

8JAnF9PnyZA29xH3Iw==

8ZdFPhCvGxYBxRCTqtB6VVk=

Targets

    • Formbook

      Formbook is an infostealer: it harvests saved credentials and form data from web browsers and other applications, logs keystrokes, and can receive commands from its C2 to download and run further payloads.

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly read browser profile directories, which can hold saved credentials, cookies and autofill data.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks