General

  • Target

    11-29-22.exe

  • Size

    121KB

  • Sample

    221129-lbbehsfb23

  • MD5

    e906026bef372da3ac8618be9c0a1787

  • SHA1

    d98429fcff9d667e116c8b99469070e7bdb0de59

  • SHA256

    d13d078e3ca43adb581966a669f056116b1aaee681d1b6c026f0b6f4bb606324

  • SHA512

    403de6adc801b3f460967f0b0d63003647265be67cc0336aeb60a1c31cdbed00199eb43c8bed489c777299db36f88f785b99e29bf15b4f3615bd907b3431f4cb

  • SSDEEP

    3072:VEvf9OEud7hY72rOAOkGt6+duWA/t/SHUebbxCbGgKk12qk/In/87gUHCzQgtn9x:u9OnGZwLf8

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    fs44

  • Decoy

    whneat.com
    jljcw.net
    pocodelivery.com
    outofplacezine.com
    yavuzcansigorta.com
    xinhewood-cn.com
    cartogogh.com
    5avis.com
    joyceyong.art
    digitalsurf.community
    blackcreekbarns.com
    magazinedistribuidor.com
    sportsgross.com
    drevom.online
    mayibeofservice.com
    gareloi-digit.com
    permitha.net
    renaissanceestetica.com
    facts-r-friends.com
    dach-loc.com

Targets

    • Target

      11-29-22.exe

    • Size

      121KB

    • MD5

      e906026bef372da3ac8618be9c0a1787

    • SHA1

      d98429fcff9d667e116c8b99469070e7bdb0de59

    • SHA256

      d13d078e3ca43adb581966a669f056116b1aaee681d1b6c026f0b6f4bb606324

    • SHA512

      403de6adc801b3f460967f0b0d63003647265be67cc0336aeb60a1c31cdbed00199eb43c8bed489c777299db36f88f785b99e29bf15b4f3615bd907b3431f4cb

    • SSDEEP

      3072:VEvf9OEud7hY72rOAOkGt6+duWA/t/SHUebbxCbGgKk12qk/In/87gUHCzQgtn9x:u9OnGZwLf8

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence check.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks