General

  • Target

    new.exe

  • Size

    423KB

  • Sample

    230220-ph937sad6y

  • MD5

    d00138d4097d9e64a13f408bb7441b4f

  • SHA1

    e7d7447a48917bb0090f4d2f80148006f91d8228

  • SHA256

    1954e5d17d12c8b4fabdb74dec7e0001ce7a5143052430155668111e1e4039cf

  • SHA512

    f7a3f7c59888edc4270bb31c65bd6d25d43b16d6835d3638f1693fb0fbbef1f09aa7512f7e41bf455fd96a5cb029d491d8a33b1b727c00793134fda92b933ff4

  • SSDEEP

    6144:jYa6DVGiehYrkn1BvF7f9wINRpJpkSsysPN4SoR/tbr/k63U/sO1i8FlTdI3:jYxVNeug7f9wITdkSsV43dI6E/Hfs

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ho62

Decoy

Targets

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Discovery

System Information Discovery (T1082): 1

Tasks