General

  • Target

    e9aa6a27ec892b6f181ce3b02ad0bdcc89a57ef61095d6328c78a96d1147111f

  • Size

    996KB

  • Sample

    221130-qkwh9sgb8y

  • MD5

    328b0fa25e033f6f2551f4466e2010a4

  • SHA1

    f418096848ecf5cb9f23ae98d9b521e47e6dad36

  • SHA256

    e9aa6a27ec892b6f181ce3b02ad0bdcc89a57ef61095d6328c78a96d1147111f

  • SHA512

    3e1b979c6250602a6408c709f8d2dfb9b8588b186e7f31e5907a15c160efc8528bff3d0c7b4b9f8380967a144ca618d83698b38d5e6dee85b060a249989a269b

  • SSDEEP

    12288:7Ihm7pdgj6jRPLjRPqjBjjyjBjBjBjBjLjGR9gsapVG/z7hACpzaxBDfQ/NRYvz9:El3IifOCpzqVaNRA2QM5

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    gbr

  • Decoy

    serabet.com
    galanggroup.com
    zweitmeinung-urologie.com
    damsalon.com
    binliwine.com
    lifeladderindia.com
    flyingwranchmanagement.com
    tripsandturns.com
    3headdesign.com
    aluminumfacade.com
    toprestau.com
    facetreatspa.com
    periodrescuekit.com
    dbaojian.com
    altinotokurtarma.com
    gkpelle.com
    loguslife.com
    treatse.com
    lghglzcnkx.net
    jawharabh.com

Targets

    • Target

      e9aa6a27ec892b6f181ce3b02ad0bdcc89a57ef61095d6328c78a96d1147111f

    • Size

      996KB

    • MD5

      328b0fa25e033f6f2551f4466e2010a4

    • SHA1

      f418096848ecf5cb9f23ae98d9b521e47e6dad36

    • SHA256

      e9aa6a27ec892b6f181ce3b02ad0bdcc89a57ef61095d6328c78a96d1147111f

    • SHA512

      3e1b979c6250602a6408c709f8d2dfb9b8588b186e7f31e5907a15c160efc8528bff3d0c7b4b9f8380967a144ca618d83698b38d5e6dee85b060a249989a269b

    • SSDEEP

      12288:7Ihm7pdgj6jRPLjRPqjBjjyjBjBjBjBjLjGR9gsapVG/z7hACpzaxBDfQ/NRYvz9:El3IifOCpzqVaNRA2QM5

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook payload

    • Suspicious use of SetThreadContext
