General

  • Target

    tmp

  • Size

    259KB

  • Sample

    230303-pzp5csha3w

  • MD5

    4e8bee4ffcd91df4d0af5ad5809a5836

  • SHA1

    f667fdda0388044884a7b98a9e25c79344e986ec

  • SHA256

    fe69a7884252cb7f2728065d43e5143e1c6168b5800813154f70727a97f78fc2

  • SHA512

    7d78d0fe3c3d761db9e79de77d2100d829f46b1c343e0fe0d59c2f6e30a41ed5ab3bbe6d154b01b71c1883a824f458865d0614fe40c3178963ef5ecfe079185b

  • SSDEEP

    6144:/Ya6Wp9dAl3KJDohZfDxO9rItqosk+MMnrSQBQvfD+DnYTT14UPj7Q:/YopwlqM7D09stErqQKvfAnYTT1PY

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ho62

Decoy


Targets

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

Execution

Command-Line Interface (T1059)

1

Discovery

System Information Discovery (T1082)

2
