General

  • Target

    file.exe

  • Size

    880KB

  • Sample

    221201-vj5g1adb61

  • MD5

    b334b3f51ba68fe25f487850ee9710ed

  • SHA1

    ea18a63daa9f0b55a96e70bf9e45838f48b56b92

  • SHA256

    8ad29501e45ec72a916eccc0b9d34e074dc9f9010c74d32d871d66d4c4351897

  • SHA512

    2c653f016428898c75ac85b891ad3b0c98fb80e0b46786773c2af95d0ad18fec13755d9f0ad316186f827ce04454738217789babeb8cd735af1c322fae091450

  • SSDEEP

    24576:8RiMfoGdmgFQCIdv/H5e7w7En1gSp4T79j:4QGdlehdH5e7w7EnOSCP

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

dv22

Decoy

ivk-muc.com

theplantgranny.net

efefefficient.buzz

car-deals-87506.com

yangcongzhibo.net

empiralventures.com

latexpillo.com

ferramentafivizzanese.shop

kx1553.com

timamollo.africa

paran6787.net

fabicilio.online

kreativnettchen.shop

manakamana.co.uk

andreapeverelli.shop

jianf.site

kmqan.xyz

aoshilang.com

dnsmctmu.com

pumpkinsmp.net

Targets

    • Target

      file.exe

    • Size

      880KB

    • MD5

      b334b3f51ba68fe25f487850ee9710ed

    • SHA1

      ea18a63daa9f0b55a96e70bf9e45838f48b56b92

    • SHA256

      8ad29501e45ec72a916eccc0b9d34e074dc9f9010c74d32d871d66d4c4351897

    • SHA512

      2c653f016428898c75ac85b891ad3b0c98fb80e0b46786773c2af95d0ad18fec13755d9f0ad316186f827ce04454738217789babeb8cd735af1c322fae091450

    • SSDEEP

      24576:8RiMfoGdmgFQCIdv/H5e7w7En1gSp4T79j:4QGdlehdH5e7w7EnOSCP

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

    • Formbook payload

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks