General

  • Target

    shelamas3.1.exe

  • Size

    511KB

  • Sample

    221207-rk8z2aac5v

  • MD5

    7994c54a4717446039c90d9f5e63d4ce

  • SHA1

    18f5bc70c635da9b95e47898f0313758e225a380

  • SHA256

    037d18a0489c63d5d9ba87f8ea9652c511df0787eb9d8fe361cfab7f93e03582

  • SHA512

    69dc8129beeb15632ea7ea8c63d95bd1a08c8fb3aaacf7344d3ec01bd9efd9f5e6f4dd9e540c159c83a25bcf0003caa57ed944351e6a20c769e124302a0ea5af

  • SSDEEP

    12288:nEUfI55vi6nBA+FrSbH/PJ8jevCPyyYmYj:npYnnBA+FG7/h8jeKPtYtj

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

sk19

Decoy

21diasdegratitud.com

kx1993.com

chasergt.com

837news.com

naturagent.co.uk

gatorinsurtech.com

iyaboolashilesblog.africa

jamtanganmurah.online

gguminsa.com

lilliesdrop.com

lenvera.com

link48.co.uk

azinos777.fun

lgcdct.cfd

bg-gobtc.com

livecarrer.uk

cbq4u.com

imalreadygone.com

wabeng.africa

jxmheiyouyuetot.tokyo

Targets

    • Target

      shelamas3.1.exe

    • Size

      511KB

    • MD5

      7994c54a4717446039c90d9f5e63d4ce

    • SHA1

      18f5bc70c635da9b95e47898f0313758e225a380

    • SHA256

      037d18a0489c63d5d9ba87f8ea9652c511df0787eb9d8fe361cfab7f93e03582

    • SHA512

      69dc8129beeb15632ea7ea8c63d95bd1a08c8fb3aaacf7344d3ec01bd9efd9f5e6f4dd9e540c159c83a25bcf0003caa57ed944351e6a20c769e124302a0ea5af

    • SSDEEP

      12288:nEUfI55vi6nBA+FrSbH/PJ8jevCPyyYmYj:npYnnBA+FG7/h8jeKPtYtj

    • Formbook

Formbook is an information-stealing malware family.

    • Formbook payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

System Information Discovery (1)

T1082

Tasks