General

  • Target

    f4a9a76e7a18ea2e2dcf234b006be09f9fdf1cbd4ac7d88bdf0dced5cb453374.exe

  • Size

    1.0MB

  • Sample

    221208-m32w8acg2v

  • MD5

    559e7d00549bbb00fd6454f597b6ec69

  • SHA1

    5a5547c9f5328c4d73458c27a4841b5ff9b5738b

  • SHA256

    f4a9a76e7a18ea2e2dcf234b006be09f9fdf1cbd4ac7d88bdf0dced5cb453374

  • SHA512

    7c37b3cc0772ea7e849a3915fffac89db5d4303c33e9a7ab883c0e59732d79027fadebe3db2dc9ea669bbfe3f7203c2d7dfe0541cc440d04f8ba19293fc2ad52

  • SSDEEP

    24576:y1uCqdOSSQJs9a79QrjAuu7w+QJID2k9mc1sfu3:yzqdOSS2s9aqrauJNWsf

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

lt63

Decoy

fortrantelecom.africa

ffafa.buzz

bullybrain.com

ekeisolutions.com

lamiamira.com

noahsark.xyz

beautyby-eve.com

cloudfatory.com

12443.football

hataykultur.online

donqu3.sexy

breakthroughaustralia.com

havengpe.com

cpxlocatup.info

corefourpartners.com

amonefintech.com

thithombo.africa

bassmaty.store

fdshdsr.top

lifesoapsimple.com

Targets

    • Target

      f4a9a76e7a18ea2e2dcf234b006be09f9fdf1cbd4ac7d88bdf0dced5cb453374.exe

    • Size

      1.0MB

    • MD5

      559e7d00549bbb00fd6454f597b6ec69

    • SHA1

      5a5547c9f5328c4d73458c27a4841b5ff9b5738b

    • SHA256

      f4a9a76e7a18ea2e2dcf234b006be09f9fdf1cbd4ac7d88bdf0dced5cb453374

    • SHA512

      7c37b3cc0772ea7e849a3915fffac89db5d4303c33e9a7ab883c0e59732d79027fadebe3db2dc9ea669bbfe3f7203c2d7dfe0541cc440d04f8ba19293fc2ad52

    • SSDEEP

      24576:y1uCqdOSSQJs9a79QrjAuu7w+QJID2k9mc1sfu3:yzqdOSS2s9aqrauJNWsf

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

    • Formbook payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks