General

  • Target

    21de76383c20f46e5991d16ecdccaf0f6ba0df011034e33ad17afc5cb7f1f6a3

  • Size

    270KB

  • Sample

    221207-cqxfvsaa2s

  • MD5

    54cb6b6a5eecc9c52283c1838a5a0d14

  • SHA1

    0f9d660e95817a474cf866163d61ff6afde223fd

  • SHA256

    21de76383c20f46e5991d16ecdccaf0f6ba0df011034e33ad17afc5cb7f1f6a3

  • SHA512

    3308a4e8086948278daab24dea250dbf5b90df35466749fcc4126969132710beec581deed2c2fad1b99713016d232ec141675f1a3409bb92b177032bcebba72f

  • SSDEEP

    6144:QBn1JYjUZI4r4lx3n5ssS0gVxdszEU0kXBgvsAZ/sEuRYSwq:gOiIblxXGsS00dszpXXqv/h+YSwq

Malware Config

Extracted

Family

formbook

Campaign

henz

Decoy

IxWMb+jVsoinShuZJzk=

TPfKgQZ//oGnKr/J

EsK0WxD5kY65XOW1Td/5CxSUpCUytR7M

KebSmiCP9p8yUw==

HAt/ljkEuqMLHOLCi53Pv8MKX9qk

CY4ogZTwJc4vSw==

WWDIx5UYUDyepntE0YIAPca3/rI=

+Pkr01Lfb2rME7bL

S5nyK0p8jS2xdwQ=

W/oqvlO57LfkLcLHnQ==

zrrwtqkTLwxulm4l8FGopw==

AqucYext8bzFbOKthIm8E6gfVkUHxKY=

OfnjeDs78+RTcz4OHRl+

XKf1wwpZR5hLLjHgmUGOpQ==

JMyhSLoJPTCwn5o9zX2d8i1+

Wk54MBsDhWSVbnIRkQ==

7aaYR/tOhh9piTw5/KHSRwuK2iqgafw7pQ==

hH/EYxN+jC2xdwQ=

S0F4ORqDjS2xdwQ=

0o/UwXnuJ+sJp0cOHRl+

Targets

    • Target

      21de76383c20f46e5991d16ecdccaf0f6ba0df011034e33ad17afc5cb7f1f6a3

    • Size

      270KB

    • MD5

      54cb6b6a5eecc9c52283c1838a5a0d14

    • SHA1

      0f9d660e95817a474cf866163d61ff6afde223fd

    • SHA256

      21de76383c20f46e5991d16ecdccaf0f6ba0df011034e33ad17afc5cb7f1f6a3

    • SHA512

      3308a4e8086948278daab24dea250dbf5b90df35466749fcc4126969132710beec581deed2c2fad1b99713016d232ec141675f1a3409bb92b177032bcebba72f

    • SSDEEP

      6144:QBn1JYjUZI4r4lx3n5ssS0gVxdszEU0kXBgvsAZ/sEuRYSwq:gOiIblxXGsS00dszpXXqv/h+YSwq

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks