General

  • Target

    3f208f220000f38395c96a06011496d755e7f4932a037ac08f884dbe81462a0e.exe

  • Size

    1.0MB

  • Sample

    221208-m7e81shg59

  • MD5

    6be4ed58ccaac533af70b264d7132bac

  • SHA1

    0084169c3f9e4acef3917f29873f81d7474bcd82

  • SHA256

    3f208f220000f38395c96a06011496d755e7f4932a037ac08f884dbe81462a0e

  • SHA512

    4e51bca0bd135f3800371481121c439b3a138fb90e70f7a50b66811940199e34f35cddabaff64fcacab5c45d9544844bd34eb4e29c8fce72bbd7bc8bec4c6743

  • SSDEEP

    12288:rXWgh/PsZ1DX/VDJIhp+dTjmuYqfaIGU0MgXo5BASa37dI6R82HOC7:rWgh/P9h2ugJhLASaW6R82HOs

Malware Config

Extracted

Family

formbook

Campaign

wu27

Decoy

Targets

    • Formbook

      Formbook is a data-stealing malware family.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks