General

  • Target

    67e92bb97c0fc0b8a96b9fd2a0f55a0f82f9966f22824f4edc639b0370549a54.exe

  • Size

    722KB

  • Sample

    221207-q1s33sab81

  • MD5

    5389f9758ef51d3f6963d6784423da90

  • SHA1

    4ba859dd7f254f2dd6f304890c089b6dda366d42

  • SHA256

    67e92bb97c0fc0b8a96b9fd2a0f55a0f82f9966f22824f4edc639b0370549a54

  • SHA512

    8bdda2de26868d3ac392a4b2273a9bb9365abca72a1b345c87bca63a8d9913e36e37f0533e66d1794ef8b53217c8775cb6ff85d64570ca5f9722fc39127869cf

  • SSDEEP

    12288:v6kdcF8I4ycMJwjgF9qgz/A5VW+HZ1BnM33302IgFJN0V3fo0cjZnbCkI:fu8I4y8jgrqoA5QUnBnG30YCoFjZnbCx

Malware Config

Extracted

Family

formbook

Campaign

0rft

Decoy

Targets

    • Target

      67e92bb97c0fc0b8a96b9fd2a0f55a0f82f9966f22824f4edc639b0370549a54.exe
    • Formbook

      Formbook is an information-stealing malware family.

    • Suspicious use of SetThreadContext