General

  • Target

    RFQ _#CIF FOR Hyderabad.exe

  • Size

    893KB

  • Sample

    221207-rj1bhaac4z

  • MD5

    38e553f81a142579ea9a4e61a5c02c14

  • SHA1

    44cb7f3254aa1991bd49039f9cfaec4ac3cf87b2

  • SHA256

    090b0e38780c07da32a7d9119c754e34b398845b94fbe8ea544fc9ab8d81ac80

  • SHA512

    3bc489194086f1abc40e077657d50835d6a71fe94314592aa47c806340ae3d5dd4f53bb8bc969c7d22cd2403fd395a8283a4573abb1475709dd7543c72b65203

  • SSDEEP

    12288:roQgKZ/nXt7virmWhlGLaQYIV7m2HUOZE2SqvXD0LLc7VrfOJvFTkfDtd9201ZRk:DBHEdqf0KOJvFTkf5L2GRahex3zLu

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

d94i

Decoy

drain-pipe-cleaning-74655.com

culligandiiy.com

lknja.shop

salon-atmosfera.ru

steamgeneratorboilers.com

drain-pipe-cleaning-30896.com

dinoton.fun

feed-v.com

aym-brum.co.uk

bxztil.xyz

infinite-transformation.com

caticmicro.com

abrahamgranda.com

cleaninggem.com

hi5279.com

jainsdigitalservices.com

cglsuperset.com

kephatonrx.com

babyhandmold.com

braceelet.com
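
The domains above are the decoy list recovered from the sample's Formbook configuration. Formbook is documented to embed a single real C2 among many decoy domains (mostly legitimate sites) and to contact several of them in turn, so a single lookup of one of these names from a workstation is weak evidence, while one host resolving a burst of distinct decoys is the beaconing pattern worth alerting on, and the file hashes from the report are exact, high-confidence matches. The script below is an added example, not part of the sandbox report: it loads the report's hashes and decoy domains, then hunts through a handful of constructed DNS log lines and a constructed EDR hash export (the `host=`/`query=` log format, hostnames and the second hash are invented for illustration).

```python
"""Hunt for the Formbook IOCs in this report (added example; not the sandbox's code).

The DNS lines and EDR export below are constructed for illustration; the
hashes and decoy domains are copied from the report.
"""
from collections import defaultdict

# Exact-match indicators from the report's General section.
MD5 = "38e553f81a142579ea9a4e61a5c02c14"
SHA1 = "44cb7f3254aa1991bd49039f9cfaec4ac3cf87b2"
SHA256 = "090b0e38780c07da32a7d9119c754e34b398845b94fbe8ea544fc9ab8d81ac80"
FILE_HASHES = {MD5, SHA1, SHA256}

# Decoy domains from the extracted Formbook config.
DECOY_DOMAINS = {
    "drain-pipe-cleaning-74655.com", "culligandiiy.com", "lknja.shop",
    "salon-atmosfera.ru", "steamgeneratorboilers.com",
    "drain-pipe-cleaning-30896.com", "dinoton.fun", "feed-v.com",
    "aym-brum.co.uk", "bxztil.xyz", "infinite-transformation.com",
    "caticmicro.com", "abrahamgranda.com", "cleaninggem.com", "hi5279.com",
    "jainsdigitalservices.com", "cglsuperset.com", "kephatonrx.com",
    "babyhandmold.com", "braceelet.com",
}

# Formbook walks its decoy list to hide the real C2, so require several
# distinct decoys from one host before alerting. Threshold is an assumption;
# a production rule would also bucket by time window.
MIN_DISTINCT_DECOYS = 3


def decoy_hit(qname):
    """Return the decoy domain that qname equals or is a subdomain of, else None."""
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):          # never match a bare TLD
        candidate = ".".join(labels[i:])
        if candidate in DECOY_DOMAINS:
            return candidate
    return None


def parse_dns_line(line):
    """Pull host and query name out of a key=value style DNS log line (constructed format)."""
    fields = dict(kv.split("=", 1) for kv in line.split() if "=" in kv)
    return fields.get("host"), fields.get("query")


def hunt_dns(lines, threshold=MIN_DISTINCT_DECOYS):
    """Return {host: sorted decoys} for hosts that queried >= threshold distinct decoys."""
    seen = defaultdict(set)
    for line in lines:
        host, qname = parse_dns_line(line)
        if not host or not qname:
            continue
        hit = decoy_hit(qname)
        if hit:
            seen[host].add(hit)
    return {h: sorted(d) for h, d in seen.items() if len(d) >= threshold}


def match_hashes(observed):
    """observed: iterable of (host, hash_hex). Return sorted hosts holding the sample."""
    return sorted({host for host, h in observed if h.lower() in FILE_HASHES})


# Constructed DNS log: WS-1 shows the decoy-walking pattern, WS-2 a single
# (probably legitimate) visit, WS-3 unrelated traffic.
SAMPLE_DNS_LOGS = [
    "2022-12-07T10:15:02Z host=WS-1 query=lknja.shop type=A",
    "2022-12-07T10:15:03Z host=WS-1 query=www.dinoton.fun type=A",
    "2022-12-07T10:15:03Z host=WS-1 query=bxztil.xyz. type=A",
    "2022-12-07T10:15:04Z host=WS-1 query=hi5279.com type=A",
    "2022-12-07T10:20:11Z host=WS-2 query=salon-atmosfera.ru type=A",
    "2022-12-07T10:21:00Z host=WS-3 query=example.org type=A",
]

# Constructed EDR export: (host, sha256). The WS-3 value is an invented non-match.
SAMPLE_HASHES = [
    ("WS-1", SHA256),
    ("WS-3", "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"),
]

if __name__ == "__main__":
    print("decoy-walking hosts:", hunt_dns(SAMPLE_DNS_LOGS))
    print("hosts with the sample on disk:", match_hashes(SAMPLE_HASHES))
```

Treat the hash match as the confirmation and the decoy cluster as the lead: do not blocklist the decoy domains outright, since most of them are ordinary sites that the config borrows precisely so that the real C2 blends in.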

Targets

    • Target

      RFQ _#CIF FOR Hyderabad.exe

    • Detected phishing page

    • Formbook

      Formbook is an information-stealing malware family: a form grabber and keylogger that harvests credentials and form data from browsers and other applications.

    • Formbook payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Suspicious use of SetThreadContext
