General

  • Target

    2b11d3a570fd45fda3e8c062f447e09dbabcfafee5e89f4258c0ac7c6e294fdc.exe

  • Size

    239KB

  • Sample

    221130-s3498sch67

  • MD5

    0acb5bcb968b08f9fa0275337eaf9d81

  • SHA1

    9ff40194659288c71ee7ff01435eac29d5d55004

  • SHA256

    2b11d3a570fd45fda3e8c062f447e09dbabcfafee5e89f4258c0ac7c6e294fdc

  • SHA512

    a6c9ee59f120f5400ea08726337ed52d982184d71809f12255f44643fb6170e996a0bd89b5465b6498854978e0acab09e7cb7d6b912bcd1396e848392b1e986a

  • SSDEEP

    6144:QBn1gQ5lYu+gRaCuvlFMC5oTlyEwP5Od6mcELn3Wm:ggQ4DgRaxL5oJmP5O3jmm

Malware Config

Extracted

Family

formbook

Campaign

n2hm

Decoy

XCeG4IxNKbAl

YzJWbnC+El84nA==

KAJcdmP8yEcO5LXPCFF42Wfb

I+J+xYO95GJQWVU=

GtgxPPv3FmQmhw==

Og9NYF4xEl+j7vGTR93xvg==

506Cg07bsT0G6yK+A96H0h35V+JLkwI=

wAYXFN+pSFIXgQ==

ijzLI/f+FmQmhw==

UfT2PweNm+w8

GQWVw5aZnfF/kS5e

30BKYjua9zcA7gAwsPUngLnjyrBNEgo=

AM65OrmyFmQmhw==

VSlTVxISZ4J/kS5e

GGKj6K33SRh6e0/YzT5nQGlK5CXRqw==

B9H98cUUfX+AWOqiTA==

MxVffWOIoVnM37zrd2sTaOY=

z6bxCgG/mGhR7oDzQA==

pQgSLSRi6AK3M/PdArpX

6rRRsYuSnXx/kS5e

Targets

    • Target

      2b11d3a570fd45fda3e8c062f447e09dbabcfafee5e89f4258c0ac7c6e294fdc.exe

    • Size

      239KB

    • MD5

      0acb5bcb968b08f9fa0275337eaf9d81

    • SHA1

      9ff40194659288c71ee7ff01435eac29d5d55004

    • SHA256

      2b11d3a570fd45fda3e8c062f447e09dbabcfafee5e89f4258c0ac7c6e294fdc

    • SHA512

      a6c9ee59f120f5400ea08726337ed52d982184d71809f12255f44643fb6170e996a0bd89b5465b6498854978e0acab09e7cb7d6b912bcd1396e848392b1e986a

    • SSDEEP

      6144:QBn1gQ5lYu+gRaCuvlFMC5oTlyEwP5Od6mcELn3Wm:ggQ4DgRaxL5oJmP5O3jmm

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks