General

  • Target

    17738f933c264f5979a6ea7ddc4e4b4770432f32e3773e4e6b909e3bf3f2cd3c

  • Size

    744KB

  • Sample

    221130-p5dnhsbh87

  • MD5

    185ee8d153bc97bd21cf3baef478dec0

  • SHA1

    82d941989e8feba6a6c25b8e6812b8e22be51fd3

  • SHA256

    17738f933c264f5979a6ea7ddc4e4b4770432f32e3773e4e6b909e3bf3f2cd3c

  • SHA512

    38de1cff02350f6ac7acc0a3fadb0029c33368465af9b75806fe2627eb12eafbb1fdceea749f37af70263fac04a1ceefc902344eb5b8338eb3f171f6f01d3c41

  • SSDEEP

    12288:TQirjDMcnoE0LtEx6UxNqj+stiD5mKsmlNy53tlRRm/YNUzn:TQuD1t0LtExjqj+wwctmS3t8QN

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

grv

Decoy

morganofatlanta.com

vz473.com

hengetelt.com

bailcally.com

virtuosoonline.com

tenthousandli.com

ohanamascota.com

digi-plates.com

prismagtech.com

we-cinema.com

372680.com

smartautoexpert.xyz

mrxzg.com

apartment-brussels.com

reverseincubator.com

linkasean.com

yummicrabva.com

diguchaye.com

reaktorfatura.com

thecatsaysno.com
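The extracted config is directly usable for detection, but with a caveat: a Formbook C2 list mixes the real controller in with unrelated, mostly legitimate decoy domains, so a bare hit on one of these hosts is weak evidence on its own. The beacon path, which carries the campaign value ("grv" here), is the stronger signal. The following is an added example, not part of the sandbox report: it loads the config above, scans constructed proxy/DNS log lines (the log format and the severity rules are assumptions made for this example), and rates host-only matches as low and host-plus-campaign-path matches as high.

```python
import re
from urllib.parse import urlsplit

# Config as extracted in the report above (family / version / campaign / decoy list).
FORMBOOK_CONFIG = {
    "family": "formbook",
    "version": "4.1",
    "campaign": "grv",
    "decoy": [
        "morganofatlanta.com", "vz473.com", "hengetelt.com", "bailcally.com",
        "virtuosoonline.com", "tenthousandli.com", "ohanamascota.com",
        "digi-plates.com", "prismagtech.com", "we-cinema.com", "372680.com",
        "smartautoexpert.xyz", "mrxzg.com", "apartment-brussels.com",
        "reverseincubator.com", "linkasean.com", "yummicrabva.com",
        "diguchaye.com", "reaktorfatura.com", "thecatsaysno.com",
    ],
}

# Constructed log lines for the example (not real telemetry). Format assumed here:
#   "<timestamp> <client-ip> DNS <qname>"
#   "<timestamp> <client-ip> HTTP <method> <url>"
SAMPLE_LOG = """\
2022-11-30T10:01:02Z 10.0.0.5 DNS www.vz473.com
2022-11-30T10:01:03Z 10.0.0.5 HTTP GET http://www.vz473.com/grv/?Rl=abcDEF123&X4bh=zz
2022-11-30T10:01:09Z 10.0.0.5 HTTP POST http://www.hengetelt.com/grv/
2022-11-30T10:02:00Z 10.0.0.7 HTTP GET http://www.bailcally.com/index.html
2022-11-30T10:02:30Z 10.0.0.9 DNS update.example.net
2022-11-30T10:03:00Z 10.0.0.5 HTTP GET http://notvz473.com/grv/
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<kind>DNS|HTTP)\s+(?P<rest>.+)$")


def normalize_host(host):
    """Lower-case, drop a trailing dot and a leading 'www.' so that
    'WWW.VZ473.COM.' and 'vz473.com' compare equal."""
    host = host.strip().lower().rstrip(".")
    if host.startswith("www."):
        host = host[4:]
    return host


def decoy_hosts(config):
    """Exact-match set of the extracted decoy/C2 hosts (no substring matching,
    so 'notvz473.com' does not match 'vz473.com')."""
    return frozenset(normalize_host(h) for h in config["decoy"])


def first_path_component(path):
    """'/grv/' -> 'grv'; '/index.html' -> 'index.html'; '/' -> ''."""
    return path.strip("/").split("/")[0]


def match_line(line, config, hosts=None):
    """Return a hit dict for a line that touches a listed host, else None.

    Severity rules are an assumption for this example, not a documented detection:
      high - HTTP request to a listed host whose first path component equals the
             campaign value (the campaign id forms the beacon URL path);
      low  - DNS lookup or any other request to a listed host. Most entries in a
             Formbook decoy list are unrelated legitimate sites, so a host-only
             match needs corroboration before anyone acts on it.
    """
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    if hosts is None:
        hosts = decoy_hosts(config)
    kind, rest = m.group("kind"), m.group("rest")
    if kind == "DNS":
        host, path = normalize_host(rest), None
    else:
        _method, url = rest.split(None, 1)
        parts = urlsplit(url)
        host, path = normalize_host(parts.hostname or ""), parts.path
    if host not in hosts:
        return None
    severity = "low"
    if path is not None and first_path_component(path) == config["campaign"]:
        severity = "high"
    return {"ts": m.group("ts"), "src": m.group("src"), "kind": kind,
            "host": host, "path": path, "severity": severity}


def scan(log_text, config):
    """Run match_line over every line; hits come back in log order."""
    hosts = decoy_hosts(config)
    hits = []
    for line in log_text.splitlines():
        hit = match_line(line, config, hosts)
        if hit:
            hits.append(hit)
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG, FORMBOOK_CONFIG):
        print(f"{hit['severity']:4} {hit['src']} {hit['kind']} {hit['host']} {hit['path'] or ''}")
```

On the constructed log this yields two high hits (the GET and POST to `/grv/` from 10.0.0.5) and two low hits (the DNS lookup and the unrelated page fetch from 10.0.0.7); the `notvz473.com` line is ignored because hosts are compared exactly, not as substrings. Treat the low hits as pivot points for the infected host, not as blocklist entries: blocking every decoy domain outright will break access to legitimate sites.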

Targets

    • Target

      17738f933c264f5979a6ea7ddc4e4b4770432f32e3773e4e6b909e3bf3f2cd3c


    • Formbook

      Formbook is an information stealer: it hooks browser and application forms to capture submitted credentials, logs keystrokes, grabs clipboard contents and screenshots, and can fetch and run additional payloads on command. The payload itself runs inside a legitimate host process that the loader injects into.

    • Formbook payload

    • Suspicious use of SetThreadContext (the API used in process hollowing and thread hijacking to point a suspended thread at injected code; this is how the Formbook payload ends up executing inside another process)
