General

  • Target: ce6f86b448dca8eade4bc43aac4cc5cf4692bdfb
  • Size: 861KB
  • Sample: 230104-hyxpgsed32
  • MD5: 69c7175b6059bc3ef1f2d115e8f849a3
  • SHA1: ce6f86b448dca8eade4bc43aac4cc5cf4692bdfb
  • SHA256: 9ba86919308607097ed2da7d7857626435ab53b8b00b88f826fb1f403013fc7c
  • SHA512: 093d47fac1cf86a8f9c47a44a33977b5548024b037196350e49eb8363ff333e2ade232c9b02dd1a6ff2742c9e81ca11a651d2757e7b11904309f4e0306a27207
  • SSDEEP: 12288:Z3ZKHRfBUCDkdTWrifH7IINt0gpWOJSqLRrSfN9YnZNM0MSvhh7LUQw:5ZofBUCDcTZPWOTdS1Cn/M0MSvfS

Malware Config

Extracted

  • Family: formbook
  • Version: 4.1
  • Campaign: ned5
  • Decoy


Targets


    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook payload

    • Suspicious use of SetThreadContext
