General

  • Target

    cd375ab06baa7632e9c4e7c951228ef1.exe

  • Size

    292KB

  • Sample

    230328-hzyceabc8y

  • MD5

    cd375ab06baa7632e9c4e7c951228ef1

  • SHA1

    191c0f1539b7f10bac1f03ed2a73195ece5408b2

  • SHA256

    4431648599d5c8d9ed6324d5cfaccf83daaecf91b9637b1cf308b8004ca43757

  • SHA512

    fbf2cce383ec328e014251571a082a8d17dffa310f0aaf6411beae59a0bb9d870ce0f8d146b20655bc08e59541c7652377cec0bb0fbeba793ae6af42c398b3d8

  • SSDEEP

    6144:vYa6GHiMHl4ntbIAq/ggT+8CrV2QLsDddpIm6UqoF+a:vY4HdHlit5WgK+8CrV1LsDdzkUqoV

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

sa79

Decoy

aidigify.com

angelavamundson.xyz

glicotoday.fun

agencyforbuyers.com

blacklifecoachquiz.com

4e6aqw.site

huawei1990.com

diyetcay.online

chesirechefs.co.uk

generalhospitaleu.africa

hfewha.xyz

lemons2cents.com

rahilprakash.com

kave.tech

netlexfrance.net

youthexsa.africa

car-covers-40809.com

bambooactive.store

fotobugil48.com

kuhler.club
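Formbook configs of this kind carry a list of domains of which only one is the live C2 at any time; the others are decoys the implant contacts alongside it to mask the real server. That makes every domain above a usable network indicator, and a DNS or proxy hit on any of them from a host that also shows the behaviours below is worth triaging. The matcher below is an added example, not part of the sandbox report: it loads the decoy list exactly as extracted above and scans constructed DNS log lines (hypothetical "timestamp client qname qtype" format) for queries that equal an indicator or sit under it as a subdomain, while rejecting look-alike names that merely contain an indicator as a substring.

```python
"""Match the Formbook decoy/C2 domains from the report against DNS logs.

Added example, not part of the sandbox report. The DNS log lines are
constructed for illustration and the log format is an assumption.
"""

# Decoy domains copied verbatim from the extracted config above.
DECOY_DOMAINS = [
    "aidigify.com", "angelavamundson.xyz", "glicotoday.fun",
    "agencyforbuyers.com", "blacklifecoachquiz.com", "4e6aqw.site",
    "huawei1990.com", "diyetcay.online", "chesirechefs.co.uk",
    "generalhospitaleu.africa", "hfewha.xyz", "lemons2cents.com",
    "rahilprakash.com", "kave.tech", "netlexfrance.net", "youthexsa.africa",
    "car-covers-40809.com", "bambooactive.store", "fotobugil48.com",
    "kuhler.club",
]

# Constructed sample log (hypothetical format: "<ts> <client> <qname> <qtype>").
# Includes a subdomain of an indicator, a legitimate name, an exact match and
# a look-alike that must NOT match.
SAMPLE_DNS_LOG = """\
2023-03-28T09:01:02Z 10.0.0.15 www.aidigify.com A
2023-03-28T09:01:05Z 10.0.0.15 login.microsoftonline.com A
2023-03-28T09:01:09Z 10.0.0.22 kave.tech A
2023-03-28T09:01:11Z 10.0.0.15 notlemons2cents.com A
2023-03-28T09:01:14Z 10.0.0.22 mail.chesirechefs.co.uk AAAA
"""


def normalize(domain):
    """Lower-case and strip a trailing dot so 'Kave.Tech.' == 'kave.tech'."""
    return domain.strip().rstrip(".").lower()


def build_matcher(domains):
    """Return a function mapping a queried name to the indicator it falls under, or None.

    Matching is done on label boundaries: 'www.aidigify.com' matches
    'aidigify.com', but 'notlemons2cents.com' does not match 'lemons2cents.com'.
    """
    indicators = {normalize(d) for d in domains}

    def match(qname):
        labels = normalize(qname).split(".")
        for i in range(len(labels)):
            candidate = ".".join(labels[i:])
            if candidate in indicators:
                return candidate
        return None

    return match


def scan_dns_log(log_text, domains):
    """Scan log lines and return one dict per query that hits an indicator."""
    match = build_matcher(domains)
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # malformed or empty line; skip rather than crash
        ts, client, qname, qtype = parts[:4]
        ioc = match(qname)
        if ioc is not None:
            hits.append({"ts": ts, "client": client, "qname": qname,
                         "qtype": qtype, "ioc": ioc})
    return hits


if __name__ == "__main__":
    for hit in scan_dns_log(SAMPLE_DNS_LOG, DECOY_DOMAINS):
        print(f"{hit['ts']} {hit['client']} queried {hit['qname']} -> IOC {hit['ioc']}")
```

Because the list mixes decoys with the real C2, a single hit identifies a likely infected host rather than the live server; confirm the C2 from the host's HTTP POST traffic or the sandbox's network capture before blocking only one domain.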

Targets

    • Target

      cd375ab06baa7632e9c4e7c951228ef1.exe

    • Size

      292KB

    • MD5

      cd375ab06baa7632e9c4e7c951228ef1

    • SHA1

      191c0f1539b7f10bac1f03ed2a73195ece5408b2

    • SHA256

      4431648599d5c8d9ed6324d5cfaccf83daaecf91b9637b1cf308b8004ca43757

    • SHA512

      fbf2cce383ec328e014251571a082a8d17dffa310f0aaf6411beae59a0bb9d870ce0f8d146b20655bc08e59541c7652377cec0bb0fbeba793ae6af42c398b3d8

    • SSDEEP

      6144:vYa6GHiMHl4ntbIAq/ggT+8CrV2QLsDddpIm6UqoF+a:vY4HdHlit5WgK+8CrV1LsDdzkUqoV

    • Formbook

      Formbook is an information-stealing malware family that harvests credentials and form data from browsers and other applications, logs keystrokes, and exfiltrates the collected data to its command-and-control server.

    • Formbook payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext (typical of process hollowing or thread hijacking, where the injected payload is started by rewriting a suspended thread's context)

MITRE ATT&CK Matrix ATT&CK v6

Discovery

System Information Discovery

1
T1082

Tasks