General

  • Target

    6c0b46a75222d73d7c3b383335b4445ecbf1e4559b132dc64a291929128c04ae.exe

  • Size

    1014KB

  • Sample

    221208-pvmhnsaa38

  • MD5

    82d72b9f11196d6a4c1da56621aa747f

  • SHA1

    0cb896439279030d2b3660751d110c909560290f

  • SHA256

    6c0b46a75222d73d7c3b383335b4445ecbf1e4559b132dc64a291929128c04ae

  • SHA512

    dfe2a38d0ef2bd50a8df77930362b35f02414243d72692cbbd3193cbb256dc790f8961b9109fd07fbf1f59d3417c253a18c3cb88b74b78fcdbaba07da7b603e3

  • SSDEEP

    24576:DibznTknEBNx+te3lcvM2wv8Hbdf3yT+L74mBfNUstzo:DwngEBOte3qvTuMdf3

Malware Config

Extracted

Family

formbook

Campaign

u2t4

Decoy


Targets

    • Formbook

      Formbook is a data-stealing malware family.

    • Suspicious use of SetThreadContext
