General

  • Target

    93A60B00B3933B1D036AA791E81EFE05249C5563384F2DDD04492B6BE6563583

  • Size

    1.6MB

  • Sample

    230208-v29vfadf27

  • MD5

    04377905d08675dc437756ba2cdfd9fe

  • SHA1

    0efa33091a6aa13f0bdc77bd06a2a103f3c33455

  • SHA256

    93a60b00b3933b1d036aa791e81efe05249c5563384f2ddd04492b6be6563583

  • SHA512

    bf28200e0be3ea3715654dda8b46fd2bc63f99c22ee3cd866f1c0acee25926d4fc0c7b5e2f87130e35f7b60e267dc1f963f102de1498ce8e909cfea2a8899e4b

  • SSDEEP

    49152:KmVBGXV62RHZq7oRc8biOoe8n45yO5CTICfF00kqfd:KmV2V62R5MoRPX4AyO5SDfF00kwd

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    gune

  • Decoy

    artentarn.net
    allstarpurchaslng.com
    lendhave.quest
    3yza.com
    qpyikn.shop
    play-fortuna-win-15.top
    jaspergirl.store
    naranjacanelaymiel.online
    hiddenvalley-farms.com
    gas-grills-66023.com
    fp-wp.com
    livepix.ltda
    liholagroup.com
    erlinjobs.com
    doctorhooper.net
    sggwmdkk.shop
    ujuyzw.shop
    gameclubzeed.com
    myhomewish.com
    ontopageone.com

Targets

    • Target

      Payment-Advice.exe

    • Size

      2.6MB

    • MD5

      3e416710f120b91849b1878d07ecacd0

    • SHA1

      71eb6640520773803b0201cf4466ff57cb3ac81f

    • SHA256

      a56fd898ced9c080955b0ee12f4d652bd1b74ddde43470e94033a288e2b97dfc

    • SHA512

      3dd24bbff081711efb22f9c4b056e820fbbb45722ef911c7b9bf68b91ed436b2f16af95d2970b29c1d77858f922b4e91b8f2d61856d06d31731de983a796b451

    • SSDEEP

      49152:l0LiB3F6szZwltsrSKYsbCNICNfoAgQflqB:l3F62ZwDqSsbODNfoAgqK

    • Detect PureCrypter injector

    • Formbook

      Formbook is an information-stealing malware family.

    • PureCrypter

      PureCrypter is a .NET malware loader first seen in early 2021.

    • Formbook payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks
