General

  • Target

    SecuriteInfo.com.Win32.PWSX-gen.8040.31387.exe

  • Size

    626KB

  • Sample

    221206-back3sff8z

  • MD5

    094fd52eec0055205bddc82c5f78ad87

  • SHA1

    c06a2da7c13bcebe40b4cd46d4afaaa856b0de95

  • SHA256

    dd7c962afea2752944885fdd3551a0a50fc3a58f676c1466f5fb71eda72d5a24

  • SHA512

    d2b87d9a99516041216c593aec1913d807b9771f60dcdc86918be55a8c686de99ad33bfd48cd7756394649da04a61e2d66f7d14fae4987104838bf968d97c592

  • SSDEEP

    12288:R3c1yxe16Rd0U5oMhZXomtfIQCXgncvEyCaM/dawm5ovZ7W/HgJepIQ:RGyxcY0UiMhZVtgmnc/Cb/dLHB7WvgM1

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ng04

Decoy

tevimaq.com

easterspecialtystore.com

smartlever.tech

10312.uk

tanjawiharbi.co.uk

471338.com

horusventure.com

empress-care.com

sinrian.com

465951.com

aemsti.com

nxcourier.com

stargatefarms.com

lalyquainvestment.com

dailysportsadvice.com

justlistmoore.com

stoneonroll.online

tatianakolomiets.com

barcodebbm.com

protectorship.world

Targets

    • Target

      SecuriteInfo.com.Win32.PWSX-gen.8040.31387.exe

    • Size

      626KB

    • MD5

      094fd52eec0055205bddc82c5f78ad87

    • SHA1

      c06a2da7c13bcebe40b4cd46d4afaaa856b0de95

    • SHA256

      dd7c962afea2752944885fdd3551a0a50fc3a58f676c1466f5fb71eda72d5a24

    • SHA512

      d2b87d9a99516041216c593aec1913d807b9771f60dcdc86918be55a8c686de99ad33bfd48cd7756394649da04a61e2d66f7d14fae4987104838bf968d97c592

    • SSDEEP

      12288:R3c1yxe16Rd0U5oMhZXomtfIQCXgncvEyCaM/dawm5ovZ7W/HgJepIQ:RGyxcY0UiMhZVtgmnc/Cb/dLHB7WvgM1

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

    • Formbook payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks