General

  • Target

    new.exe

  • Size

    432KB

  • Sample

    230216-1nh3fsbh3y

  • MD5

    e3a874c6e454d2591f5380be7aa4dff4

  • SHA1

    3714bee104682ecc3867aa84f9b049d3b6d58639

  • SHA256

    9e804f046cb3978daaa84fe71badb3a5fef3aea5387377e3b05524cbb8092a89

  • SHA512

    6eb235dfcdb612b4db9926275e827e179166e3522256de14b51da3fb6610fe610c6547c7eb29ceb3b95eebb434c68d9bf000e7d1a14320853363e0dcd0c0f93e

  • SSDEEP

    12288:TY74I2N2tpc73OFMf0aHFJOJYT8htu8GIS1r7L:TY7G2tW731zHnOJYmE8Fq3L
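Before relying on anything else in this report, confirm that the file on hand is the same object it describes. The Python below is an added example, not code from the report or from the sandbox that produced it: it computes all four listed digests in one streaming pass, compares them to the values above, and splits the SSDEEP signature into its parts. The function names are the example's own; only the digest values are taken from the report.

```python
import hashlib
from typing import Dict, Iterable

# Digests copied from the report above for sample 230216-1nh3fsbh3y (new.exe).
REPORT_DIGESTS: Dict[str, str] = {
    "md5": "e3a874c6e454d2591f5380be7aa4dff4",
    "sha1": "3714bee104682ecc3867aa84f9b049d3b6d58639",
    "sha256": "9e804f046cb3978daaa84fe71badb3a5fef3aea5387377e3b05524cbb8092a89",
    "sha512": "6eb235dfcdb612b4db9926275e827e179166e3522256de14b51da3fb6610fe610c6547c7eb29ceb3b95eebb434c68d9bf000e7d1a14320853363e0dcd0c0f93e",
}
REPORT_SSDEEP = "12288:TY74I2N2tpc73OFMf0aHFJOJYT8htu8GIS1r7L:TY7G2tW731zHnOJYmE8Fq3L"


def digest_chunks(chunks: Iterable[bytes]) -> Dict[str, str]:
    """Compute MD5, SHA1, SHA256 and SHA512 in a single pass over the data."""
    hashers = {
        "md5": hashlib.md5(), "sha1": hashlib.sha1(),
        "sha256": hashlib.sha256(), "sha512": hashlib.sha512(),
    }
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data: bytes) -> Dict[str, str]:
    return digest_chunks([data])


def digest_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Stream the file so large samples are not read into memory at once."""
    with open(path, "rb") as f:
        return digest_chunks(iter(lambda: f.read(chunk_size), b""))


def compare_to_report(digests: Dict[str, str],
                      expected: Dict[str, str] = REPORT_DIGESTS) -> Dict[str, bool]:
    """Per-algorithm match against the report. All four should agree; a file that
    matches MD5 but not SHA256 is a different file and must not be treated as
    the reported sample."""
    return {name: digests.get(name, "").lower() == value
            for name, value in expected.items()}


def parse_ssdeep(signature: str) -> Dict[str, object]:
    """Split 'blocksize:hash1:hash2'. ssdeep hashes the input twice, with block
    size b and 2b, so two signatures are only comparable when their block sizes
    are equal or differ by a factor of two."""
    blocksize, hash1, hash2 = signature.split(":", 2)
    return {"blocksize": int(blocksize), "hash1": hash1, "hash2": hash2}


def is_reported_sample(path: str) -> bool:
    """True only if every digest of the file equals the report's value."""
    return all(compare_to_report(digest_file(path)).values())


if __name__ == "__main__":
    import sys
    for p in sys.argv[1:]:
        print(p, "matches report" if is_reported_sample(p) else "does NOT match report")
```

Run it as `python3 check_sample.py new.exe`; anything short of four matches means the file is not the one analysed here, and the behaviour and config below should not be attributed to it.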

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ho62

Decoy

Formbook's configuration carries a list of decoy domains next to its real C2, and the bot sends traffic to a selection of them so that the real server is hidden among otherwise unremarkable requests. The domains below are those decoys, not the C2, so a single resolution of one of them is weak evidence on its own.

aqawonky.com

ancachsroadsideassistance.com

artologycreatlive.com

olesinfo.africa

lovebreatheandsleep.com

friendsofdragonsprings.com

homecomingmums.wiki

hg222.bet

precision-spares.co.uk

generalhospitaleu.africa

touchstone4x4.africa

dynamator.com

dental-implants-52531.com

efefear.buzz

bentonapp.net

89luxu.com

bridgesonelm.com

acesaigon.online

instantapprovals.loans

evuniverso.com
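One defensive use of the decoy list, shown here as an added example rather than code from the report or the sandbox: rather than alerting on any one decoy, look for a host that resolves several distinct decoys in a short window, which is the pattern the beaconing described above produces. The DNS log lines are constructed for the example (assumed format: ISO timestamp, client IP, query name) and are not from the report; the ten-minute window, the threshold of three and the function names are also assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple

# Decoy domains copied from the extracted Formbook config above.
DECOY_DOMAINS = {
    "aqawonky.com", "ancachsroadsideassistance.com", "artologycreatlive.com",
    "olesinfo.africa", "lovebreatheandsleep.com", "friendsofdragonsprings.com",
    "homecomingmums.wiki", "hg222.bet", "precision-spares.co.uk",
    "generalhospitaleu.africa", "touchstone4x4.africa", "dynamator.com",
    "dental-implants-52531.com", "efefear.buzz", "bentonapp.net", "89luxu.com",
    "bridgesonelm.com", "acesaigon.online", "instantapprovals.loans",
    "evuniverso.com",
}

# Constructed sample DNS log (assumed format: ISO timestamp, client IP, query name).
# These lines are invented for the example; they are not from the report.
SAMPLE_DNS_LOG = """\
2023-02-16T10:00:01 10.0.0.5 www.example.com
2023-02-16T10:00:03 10.0.0.5 dynamator.com
2023-02-16T10:00:07 10.0.0.5 www.hg222.bet.
2023-02-16T10:00:12 10.0.0.5 efefear.buzz
2023-02-16T10:00:15 10.0.0.5 bentonapp.net
2023-02-16T10:01:40 10.0.0.9 precision-spares.co.uk
2023-02-16T10:05:00 10.0.0.9 example.org
"""

Record = Tuple[datetime, str, str]


def parse_dns_log(text: str) -> List[Record]:
    """Parse 'timestamp client qname' lines; blank or malformed lines are skipped."""
    records: List[Record] = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        records.append((datetime.fromisoformat(parts[0]), parts[1], parts[2]))
    return records


def matched_decoy(qname: str) -> Optional[str]:
    """Return the decoy that qname equals or is a subdomain of, else None.
    Trailing dots and case are normalised so 'www.Hg222.bet.' still matches."""
    q = qname.rstrip(".").lower()
    for domain in DECOY_DOMAINS:
        if q == domain or q.endswith("." + domain):
            return domain
    return None


def correlate(records: List[Record], window: timedelta = timedelta(minutes=10),
              threshold: int = 3) -> Dict[str, List[str]]:
    """Hosts that resolved at least `threshold` distinct decoys inside one `window`."""
    per_host: Dict[str, List[Tuple[datetime, str]]] = defaultdict(list)
    for ts, client, qname in records:
        domain = matched_decoy(qname)
        if domain is not None:
            per_host[client].append((ts, domain))
    hits: Dict[str, List[str]] = {}
    for client, events in per_host.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            # Distinct decoys seen from this event forward, within the window.
            seen = {d for ts, d in events[i:] if ts - start <= window}
            if len(seen) >= threshold:
                hits[client] = sorted(seen)
                break
    return hits


if __name__ == "__main__":
    for host, domains in correlate(parse_dns_log(SAMPLE_DNS_LOG)).items():
        print(f"{host}: {len(domains)} distinct Formbook decoys in window: "
              f"{', '.join(domains)}")
```

In the constructed log only 10.0.0.5 trips the rule; 10.0.0.9 resolved a single decoy, which on its own is the kind of hit the note above says to treat with caution. Because the decoys are real registered names, tune the threshold against your own DNS baseline before alerting on it.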

Targets

    • Target

      new.exe

    • Formbook

      Formbook is an information stealer: it harvests credentials and form data from browsers, mail clients and other applications, logs keystrokes and clipboard contents, and can fetch and run further payloads on the operator's instruction.

    • Formbook payload

    • Executes dropped EXE

      The sample wrote an executable to disk and ran it.

    • Loads dropped DLL

      The sample loaded a DLL that it had itself written to disk.

    • Suspicious use of SetThreadContext

      SetThreadContext is used to redirect a suspended thread's execution, the final step of process hollowing and similar injection; this is consistent with Formbook running its stealer code from inside a legitimate Windows process rather than from the dropped file itself.

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • System Information Discovery (T1082)

    1 hit

Tasks