General

  • Target

    eebdd5b69b2fbe296a4e848b6ece83e7.exe

  • Size

    88KB

  • Sample

    230330-jensxabe59

  • MD5

    eebdd5b69b2fbe296a4e848b6ece83e7

  • SHA1

    a416b80860c5810aa92c72382eb34c29a36ad34a

  • SHA256

    dfb9a75bd82bcf0d9f72647affdf954d936d629eb3be78fe4b5c9b5166ccb9d6

  • SHA512

    b3d4a1cde995d12e16367fd0437a0fcd2bf52081aba40eace547e79838d17de40bb5162112132d3d1c49f7baf9a4c1581a8c4f696df64b4321c6f7cd27245afa

  • SSDEEP

    1536:LgBV6YZ3juIBFXJpk+CfZxtLOgiC2fjYYYYYYfpQpQpQpPd49N7H:UBV6KTBBFXJpk+CfZHLO1zfzpQpQpQp+

Malware Config

Extracted

Family

purecrypter

C2

http://192.3.215.60/uo7/Cbqta.png

Extracted

Family

formbook

Version

4.1

Campaign

ar73

Decoy

classgorilla.com

b6817.com

1wwuwa.top

dgslimited.africa

deepwaterships.com

hkshshoptw.shop

hurricanevalleyatvjamboree.com

ckpconsulting.com

laojiangmath.com

authenticityhacking.com

family-doctor-53205.com

investinstgeorgeut.com

lithoearthsolution.africa

quickhealcareltd.co.uk

delightkgrillw.top

freezeclosettoilet.com

coo1star.com

gemgamut.com

enrichednetworksolutions.com

betterbeeclean.com
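The following Python script is an added example, not part of the sandbox report or of either malware family's code: it copies the indicators extracted above (the file hashes, the PureCrypter C2 URL, the Formbook campaign ID and the Formbook domain list) and matches them against constructed proxy, DNS and file-hash records. The log format, the sample records and the rule that a request path equal to the campaign ID counts as a beacon are assumptions made for the example. Hits on the Formbook domain list are deliberately rated lower than hits on the PureCrypter URL or the file hashes, because a Formbook configuration mixes the live C2 with decoy domains and a single lookup of one of them does not identify the real C2.

```python
"""Match the indicators published in this report against constructed log lines."""
from urllib.parse import urlsplit

# Indicators copied from the report above (file hashes, PureCrypter C2 URL,
# Formbook campaign ID and the domain list from the Formbook config).
SAMPLE_HASHES = {
    "md5": "eebdd5b69b2fbe296a4e848b6ece83e7",
    "sha1": "a416b80860c5810aa92c72382eb34c29a36ad34a",
    "sha256": "dfb9a75bd82bcf0d9f72647affdf954d936d629eb3be78fe4b5c9b5166ccb9d6",
}
PURECRYPTER_C2 = "http://192.3.215.60/uo7/Cbqta.png"
FORMBOOK_CAMPAIGN = "ar73"
FORMBOOK_DOMAINS = {
    "classgorilla.com", "b6817.com", "1wwuwa.top", "dgslimited.africa",
    "deepwaterships.com", "hkshshoptw.shop", "hurricanevalleyatvjamboree.com",
    "ckpconsulting.com", "laojiangmath.com", "authenticityhacking.com",
    "family-doctor-53205.com", "investinstgeorgeut.com", "lithoearthsolution.africa",
    "quickhealcareltd.co.uk", "delightkgrillw.top", "freezeclosettoilet.com",
    "coo1star.com", "gemgamut.com", "enrichednetworksolutions.com",
    "betterbeeclean.com",
}

# Constructed sample records (not from the report). Format assumed for this
# example: "<timestamp> <kind> <source-ip> <value> [extra fields...]".
SAMPLE_LOG = """\
2023-03-30T09:00:01Z proxy 10.1.2.3 http://192.3.215.60/uo7/Cbqta.png GET 200
2023-03-30T09:00:04Z dns 10.1.2.3 www.classgorilla.com A
2023-03-30T09:00:05Z dns 10.1.2.3 www.google.com A
2023-03-30T09:00:09Z proxy 10.1.2.3 http://www.gemgamut.com/ar73/ POST 200
2023-03-30T09:00:12Z hash 10.1.2.3 sha256:dfb9a75bd82bcf0d9f72647affdf954d936d629eb3be78fe4b5c9b5166ccb9d6 C:/Users/u/AppData/Local/Temp/x.exe
2023-03-30T09:00:15Z hash 10.1.2.4 sha256:0000000000000000000000000000000000000000000000000000000000000000 C:/Users/u/Downloads/y.exe
"""


def normalize_host(host):
    """Lower-case, drop a trailing dot and a leading 'www.' so the host
    compares against the bare domains from the config."""
    host = (host or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def parse_line(line):
    """Split one record into its fixed fields plus any trailing extras."""
    ts, kind, src, value, *extra = line.split()
    return {"ts": ts, "kind": kind, "src": src, "value": value, "extra": extra}


def classify(rec):
    """Return (severity, reason) for one record, or None when nothing matches."""
    if rec["kind"] == "hash":
        algo, _, digest = rec["value"].partition(":")
        if SAMPLE_HASHES.get(algo.lower()) == digest.lower():
            return ("high", f"file {algo} matches the reported sample")
        return None

    if rec["kind"] == "proxy":
        parts = urlsplit(rec["value"])
        c2_host = urlsplit(PURECRYPTER_C2).hostname
        if rec["value"] == PURECRYPTER_C2 or parts.hostname == c2_host:
            return ("high", "contact with the PureCrypter C2 (payload download URL)")
        host = normalize_host(parts.hostname)
        if host in FORMBOOK_DOMAINS:
            # Assumption for this example: a request path consisting of the
            # campaign ID is treated as a beacon rather than decoy traffic.
            if parts.path.strip("/") == FORMBOOK_CAMPAIGN:
                return ("high", f"Formbook beacon to {host} with campaign path /{FORMBOOK_CAMPAIGN}/")
            return ("medium", f"request to Formbook config domain {host} (may be a decoy)")
        return None

    if rec["kind"] == "dns":
        host = normalize_host(rec["value"])
        if host in FORMBOOK_DOMAINS:
            return ("medium", f"DNS lookup of Formbook config domain {host} (may be a decoy)")
    return None


def scan(text):
    """Scan log text; return [(line_no, source_ip, severity, reason), ...]."""
    alerts = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        rec = parse_line(line)
        hit = classify(rec)
        if hit:
            alerts.append((n, rec["src"], hit[0], hit[1]))
    return alerts


if __name__ == "__main__":
    for line_no, src, severity, reason in scan(SAMPLE_LOG):
        print(f"line {line_no} {src} [{severity}] {reason}")
```

Run against the constructed records, the script flags the PureCrypter download, the beacon carrying the campaign path and the matching file hash as high, and the bare lookup of classgorilla.com as medium; the google.com lookup and the non-matching hash produce nothing. When triaging real telemetry, a medium hit on one config domain is a cue to pivot to the host (process tree, SetThreadContext-style injection, the registry country-code lookup noted below), not a verdict on its own.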

Targets

    • Target

      eebdd5b69b2fbe296a4e848b6ece83e7.exe

    • Size

      88KB

    • MD5

      eebdd5b69b2fbe296a4e848b6ece83e7

    • SHA1

      a416b80860c5810aa92c72382eb34c29a36ad34a

    • SHA256

      dfb9a75bd82bcf0d9f72647affdf954d936d629eb3be78fe4b5c9b5166ccb9d6

    • SHA512

      b3d4a1cde995d12e16367fd0437a0fcd2bf52081aba40eace547e79838d17de40bb5162112132d3d1c49f7baf9a4c1581a8c4f696df64b4321c6f7cd27245afa

    • SSDEEP

      1536:LgBV6YZ3juIBFXJpk+CfZxtLOgiC2fjYYYYYYfpQpQpQpPd49N7H:UBV6KTBBFXJpk+CfZHLO1zfzpQpQpQp+

    • Formbook

      Formbook is an information stealer: it hooks browsers and other applications to capture form submissions, keystrokes and clipboard contents and sends them to its C2 over HTTP. The domain list in its configuration mixes the live C2 with decoy domains, so no single entry above is by itself a confirmed C2.

    • PureCrypter

      PureCrypter is a .NET malware loader first seen in early 2021. It downloads and decrypts its next stage (here the Formbook payload) from a URL, in this sample the C2 listed above, whose .png extension makes the download look like an image.

    • Formbook payload

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofence check so the malware avoids running in certain regions.

    • Suspicious use of SetThreadContext

      SetThreadContext redirects execution of a suspended thread to attacker-controlled code. It is a hallmark of process hollowing, where a loader starts a legitimate process suspended, overwrites its memory and points its main thread at the injected payload.

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry (T1012): 1 matching signature

  • System Information Discovery (T1082): 2 matching signatures
