General

  • Target

    ff9cb8f0b77b8627aff748b0c47ff83e52fdcce328283191a0284a7abdd4c9c9.exe

  • Size

    808KB

  • Sample

    221208-pv75dada21

  • MD5

    e5aec87031becb8f74adc6a244a4965c

  • SHA1

    ca92401e68c6a65d863303235a018538b91e3422

  • SHA256

    ff9cb8f0b77b8627aff748b0c47ff83e52fdcce328283191a0284a7abdd4c9c9

  • SHA512

    fbd97279ae3b02bb039f09475bf6e68893a0ab7b370fae28091688d0201cc025b83ca581f507adc00251c4ec6bbb7dc3960a66ed9183ef412420ab61606b2d4b

  • SSDEEP

    24576:Zr18+L74mBfNUstzouz7Wouu6YlLH03r8JN:ZrrTnUI

Malware Config

Extracted

  • Family

    formbook

  • Campaign

    c43g

  • Decoy

    TJbzc715oMJyvdR2QVKD7Vo0tQY7R7Ey8A==

    s0SBKHqd+pu4ExyvcX8DH+EhBZk7og==

    dIFcsOkaySIJIw==

    nvCLvSBIvt/XA8toCA05klSmSCs=

    eAuSnrNfn/zh//Q=

    9gFqr+CHySIJIw==

    UND1oatxstSL8/uia5b4L9sa

    EE2Wu7NkmKhw6dWD/ZrV

    pTc3sxUsdqBbV7mgf6U=

    bOoXvKs7MlJ2sCC93H0u0w==

    fYSulyhLySIJIw==

    Ud0T4Sdau9HjE5WDHTLV

    x1ogw5IzvNLn

    a6Utc6622e7N7rKV7g3E

    e8rnBl+SJgun5NdyTaaLWEbEySM=

    sjRR7uGCkOl33+w=

    FWLaFz7vG7RHTvemab6vBYM=

    KKdNclzjyFxvW7mgf6U=

    6lpaaOHCJSk=

    RaGqPzng+SYHWbHDFmuS0Q==

Targets

    • Target

      ff9cb8f0b77b8627aff748b0c47ff83e52fdcce328283191a0284a7abdd4c9c9.exe

    • Size

      808KB

    • MD5

      e5aec87031becb8f74adc6a244a4965c

    • SHA1

      ca92401e68c6a65d863303235a018538b91e3422

    • SHA256

      ff9cb8f0b77b8627aff748b0c47ff83e52fdcce328283191a0284a7abdd4c9c9

    • SHA512

      fbd97279ae3b02bb039f09475bf6e68893a0ab7b370fae28091688d0201cc025b83ca581f507adc00251c4ec6bbb7dc3960a66ed9183ef412420ab61606b2d4b

    • SSDEEP

      24576:Zr18+L74mBfNUstzouz7Wouu6YlLH03r8JN:ZrrTnUI

    • Formbook

      Formbook is a data-stealing malware family.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks