General

  • Target

    85abcc70fdc2527f8c6572efbd759073c1b409b9a806f2b27425808bbe3211ba

  • Size

    261KB

  • Sample

    230306-dsj4zsaa2s

  • MD5

    6f67808d109e693faccbead538c9fdd9

  • SHA1

    a96325f7bb589f8b63af347c982e1a9177cc8686

  • SHA256

    85abcc70fdc2527f8c6572efbd759073c1b409b9a806f2b27425808bbe3211ba

  • SHA512

    88e52f650ae7c8936e8b2ebe2b4d883f7f577da491d85b2ba1ecc2c7f535961b4db8e5b6bd2567bf61fae38bb9bf40c9a66b7433c8b105868efa6e95b5aaa710

  • SSDEEP

    6144:PYa6gVlkprrwLO5cekvA/NpGuEFJLyDFMfrQKD/IEdE3ZKAxXR:PYWVyprr1cTuELugQKD/IEG3ZKa

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ho62

Decoy


Targets

    • Formbook

      Formbook is an information-stealing malware family that harvests credentials and other data from infected hosts.

    • Formbook payload

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Discovery

System Information Discovery (T1082): 1