General

  • Target

    5c09d69e1074890c0f9dd2b4cb100200179fc87de3e60f3d70a007f07d7864e1.exe

  • Size

    858KB

  • Sample

    221203-dxysyaag67

  • MD5

    89e48a555b28668e0bce1728b8c56638

  • SHA1

    ab56a4197e4a984a9efd5ed0a11b8f06af02b0c3

  • SHA256

    5c09d69e1074890c0f9dd2b4cb100200179fc87de3e60f3d70a007f07d7864e1

  • SHA512

    623f72f11f70c79bef1534e3dff6e29b8d901caf5dbd93b98c0490f893d99bb40ff5e3e89a5b22469b43aaf4f8651f1f1b5fccf69dc664d35a4547ea50d9a4b5

  • SSDEEP

    12288:fjohAmQaalRRw8gf3KjLgeA87QIBqPwNK7sb7/sn1gSp4JZX9jq:syGp80ajLgeA87QIe7w7En1gSp4TX9j

Malware Config

Extracted

Family

formbook

Campaign

c43g

Decoy

Targets

    • Formbook

      Formbook is a data-stealing malware family.

    • Suspicious use of SetThreadContext
