General

  • Target

    tmp

  • Size

    257KB

  • Sample

    221203-we1hxsca36

  • MD5

    2bdc884f5196976c0de3167589f63522

  • SHA1

    5b978a100bbb83b0bbec915bd1c3b07525196259

  • SHA256

    0646127a521c320e61c31e4ae2c035e53438d7ff8d25e28cd7150367f40d9504

  • SHA512

    a50a9949662bd8e0eafe665c5ab65b1c488c4e3122535908aea91a8584bc005b6744610cb973fcf761ce3165ae324c627d23d144f211e2a57f63a36d13c6d690

  • SSDEEP

    6144:QBn1Z0jDV/nnSM77DguiCKieVOo5lhuxBaBUAIjmMQ8sXx:gAnSM77VijZV/5lhuxBaBUA6OL

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    us90

  • Decoy

Targets

    • Formbook

      Formbook is a data-stealing malware family (information stealer).

    • Formbook payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks