General

  • Target

    invoice.exe

  • Size

    727KB

  • Sample

    230503-q5qthseh59

  • MD5

    b0ca2f76a71ba322dab26bfb0eae3977

  • SHA1

    f3e9c81c880ec14019280b6624e1092a65496b5a

  • SHA256

    24380c6d7b340557a8e71c58078bd0ed311e3c42b975a75d23a0056210e2ad3e

  • SHA512

    529eaf4481770e3940a8e3323ba9260485d9bf5a60632b7ecc38522b8ca39f94534ab8f073500839ae03600339830ae435a143b04a7a9ba46786764b2680cc19

  • SSDEEP

    12288:EB6C6YN1PCGEDUuCkaRundIbjl7GlU+1FlQhLdzQEdCcZKW7/e3w:zLcLRunmfFmjnCCcZh7/e3w

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

m82

Decoy

jamesdevereux.com

artificialturfminneapolis.com

hongmeiyan.com

lojaderoupasbr.com

yit.africa

austinrelocationexpert.com

saiva.page

exitsategy.com

chochonux.com

klosterbraeu-unterliezheim.com

byseymanur.com

sblwarwickshire.co.uk

brazimaid.com

ciogame.com

bronzesailing.com

dwkapl.xyz

022dyd.com

compassandpathwriting.com

alphabet1x.com

selfcleaninghairbrush.co.uk

Targets

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks