General

  • Target

    e9286af0e6c41541277a9c7c6f0ad36f.bin

  • Size

    327KB

  • Sample

    230328-cz9gsaad6x

  • MD5

    555f63e6bec6aa60fe66aa69430a4297

  • SHA1

    499b3d18936cac3e4e8708dbd8e667dc62109ce5

  • SHA256

    b8e9ca9ba3a260eef2a830e3ce678e382be76020ff26b832ef2cb56b0b39df6e

  • SHA512

    b96e9642f64281f728f41ad3b38b5e4877401d92ed2c9a973ef05fab400c11548ff383a0468ea53d9e742bcce6ba306f5edad00666b62ee702b7131e2fe8da56

  • SSDEEP

    6144:HL6yhop/CAwIHMuLt9HjwbJS7tG3pJep6ODsVX1PaiFj6faEVd:HLLoVVcuLr0JSxGKp66sVX1JFgaId
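Before spending analysis time on a sample, confirm that the file on disk is the one this report describes. The following is an added example, not part of the sandbox report: it parses a hash block in the bullet layout used above, recomputes the digests with Python's hashlib, and reports any mismatch. The report text in `REPORT_BLOCK` is a constructed stand-in using the well-known digests of the empty byte string so it runs offline; substitute the General block from this page and the bytes of `e9286af0e6c41541277a9c7c6f0ad36f.bin` for a real check. SSDEEP is deliberately left out because it needs the third-party ssdeep library.

```python
import hashlib

# Constructed report block in the page's bullet layout; the digests are those
# of the empty byte string, chosen only so the example verifies offline.
REPORT_BLOCK = """\
  • MD5

    d41d8cd98f00b204e9800998ecf8427e

  • SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

  • SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
"""

# Report label -> hashlib algorithm name (SSDEEP omitted: not in hashlib).
ALGOS = {"MD5": "md5", "SHA1": "sha1", "SHA256": "sha256", "SHA512": "sha512"}


def parse_report_hashes(text):
    """Return {label: hexdigest} for every hashlib-computable label in the block.

    A '•' line names the field; the next non-empty line carries its value.
    """
    found, label = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("•"):
            label = line.lstrip("•").strip()
        elif line and label is not None:
            if label in ALGOS:
                found[label] = line.lower()
            label = None
    return found


def compute_hashes(data, algos=ALGOS):
    """Compute every digest the report lists, over the raw file bytes."""
    return {name: hashlib.new(alg, data).hexdigest() for name, alg in algos.items()}


def verify_sample(data, expected):
    """Return {label: (expected, actual)} for each digest that does not match.

    An empty dict means the bytes match the report for every listed algorithm.
    """
    actual = compute_hashes(data)
    return {
        name: (expected[name], actual[name])
        for name in expected
        if name in actual and expected[name] != actual[name]
    }


if __name__ == "__main__":
    expected = parse_report_hashes(REPORT_BLOCK)
    print("mismatches for empty input:", verify_sample(b"", expected))
    print("mismatches for tampered input:", verify_sample(b"MZ", expected))
```

Only a full mismatch set across every algorithm means you have a different file; a mismatch in one algorithm alone points to a transcription error in the report and is worth flagging rather than silently accepting.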

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ke03

Decoy

fastartcustom.com

ikanggabus.xyz

aevum.ru

lacarretapps.com

arcaneacquisitions.net

fuulyshop.com

bloodbahis278.com

bullardrvpark.com

cowboy-hostel.xyz

empireoba.com

the-windsor-h.africa

help-desk-td.com

dofirosols.life

efefarmy.buzz

kewwrf.top

autoran.co.uk

moodysanalytics.boo

kulturemarket.com

ffwpu-kenya.com

heykon.com

Targets

    • Target

      0ca1816f2c6bc6bb3e9dc4f32b36211472bf4d737d561e9c0a2d67ad38f474a2.bin

    • Size

      341KB

    • MD5

      36795a69031d90410d834ad79b3c43e6

    • SHA1

      2ffcc154f19ece4f42d25f3d37fade1d7312e388

    • SHA256

      0ca1816f2c6bc6bb3e9dc4f32b36211472bf4d737d561e9c0a2d67ad38f474a2

    • SHA512

      f745df8db8ddbbc0658ee29cf420c5d5e8773be3a13fc1f055dc222d2f937f251a99db1477982594edbdc78d0decb8d8c9f5aa1feefbbe67a372979273c52882

    • SSDEEP

      6144:/Ya6OjgM/tPAQTVtnJJgl1wPUOCDpTzt9FD4QbCZv1bfJqy1z2Ek9gqCiGw:/YI0M/JrWiPiTz9UrZZKEMgQGw

    • Formbook

      Formbook is an information-stealing malware family: it captures keystrokes, clipboard contents, web-form submissions and screenshots from the infected host and exfiltrates them to its C2. Its embedded configuration carries many domains of which only one is the live C2 at any time; the others are decoys that the implant also contacts to mask the real one. The extracted Decoy list above is therefore a set of indicators to investigate, not a blocklist to apply wholesale.

    • Formbook payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
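The "Suspicious use of SetThreadContext" signature fires on the classic process-hollowing sequence: a child is created with CREATE_SUSPENDED, its image is overwritten through WriteProcessMemory, SetThreadContext repoints the primary thread at the injected code, and ResumeThread starts it. The block below is an added example, not the sandbox's own rule: it runs that detection over constructed API-trace lines (the log format, `pid api target=... flags=...`, is invented for the example) and requires both the suspended creation and the ordered write/context/resume triple, so a plain suspended launch or a debugger-style write without SetThreadContext does not alert.

```python
from collections import defaultdict

# Constructed API-trace lines (not sandbox output). Format, invented for this
# example: "<caller pid> <api> target=<child pid> [flags=<hex>]".
SAMPLE_LOG = """\
1001 CreateProcessW target=2002 flags=0x4
1001 NtUnmapViewOfSection target=2002
1001 VirtualAllocEx target=2002
1001 WriteProcessMemory target=2002
1001 SetThreadContext target=2002
1001 ResumeThread target=2002
3003 CreateProcessW target=4004 flags=0x0
3003 WriteProcessMemory target=4004
3003 ResumeThread target=4004
5005 CreateProcessW target=6006 flags=0x4
5005 ResumeThread target=6006
"""

CREATE_SUSPENDED = 0x4  # dwCreationFlags bit for CreateProcess*
# The ordered subsequence that turns a suspended child into a hollowed one.
HOLLOW_SEQUENCE = ("WriteProcessMemory", "SetThreadContext", "ResumeThread")


def parse_line(line):
    """Split one trace line into caller pid, api name, target pid and flags."""
    parts = line.split()
    kv = dict(p.split("=", 1) for p in parts[2:])
    return {
        "pid": int(parts[0]),
        "api": parts[1],
        "target": int(kv["target"]),
        "flags": int(kv.get("flags", "0"), 16),
    }


def in_order(apis, pattern):
    """True if every name in `pattern` occurs in `apis`, in that order
    (gaps allowed), i.e. `pattern` is a subsequence of `apis`."""
    it = iter(apis)
    return all(any(a == p for a in it) for p in pattern)


def detect_hollowing(log_text):
    """Return [(parent_pid, child_pid)] for every child that was created
    suspended and then written to, re-pointed via SetThreadContext and resumed
    by the same caller."""
    calls = defaultdict(list)  # (caller, target) -> ordered api names
    suspended = set()          # (caller, target) pairs created with CREATE_SUSPENDED
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        key = (ev["pid"], ev["target"])
        if ev["api"].startswith("CreateProcess") and ev["flags"] & CREATE_SUSPENDED:
            suspended.add(key)
        calls[key].append(ev["api"])
    return [key for key, apis in calls.items()
            if key in suspended and in_order(apis, HOLLOW_SEQUENCE)]


if __name__ == "__main__":
    for parent, child in detect_hollowing(SAMPLE_LOG):
        print(f"possible process hollowing: pid {parent} -> pid {child}")
```

Requiring the suspended-creation flag as well as the call order is what keeps the rule from alerting on installers and debuggers, which legitimately pause and resume children; the price is that a variant injecting into an already-running process (no CreateProcess at all) needs a separate rule keyed on OpenProcess or thread creation instead.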

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

System Information Discovery

1
T1082

Tasks