General

  • Target

    801d5a649bf0cd074fddca06aa31dd5e9662f3b5358e18778f1fad27ca7ffddf

  • Size

    818KB

  • Sample

    230507-efr5haed2t

  • MD5

    42145d737de41409248b1b698e7320fe

  • SHA1

    05c8528ae0606f011d387faeabedf38736e88b79

  • SHA256

    801d5a649bf0cd074fddca06aa31dd5e9662f3b5358e18778f1fad27ca7ffddf

  • SHA512

    f35bb2ed6d188ff2e0253bc71973643631b2c2e8fd63169c2962296b8b74da1909e6d07985c30c3f210c82ba6cd91a43d889b7799b7006a1357d7897d5306594

  • SSDEEP

    12288:hhQCXBYvREMuQwOgcovsQACLnwo9laT472sUkhYRgCSa9isg7GUxYJ:dYv0QgcoUQJLnzoTyRh

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    gtt8

  • Decoy

    thesuccessbot.com
    rittercivil.com
    jt1.fun
    d365extension.com
    quqoxeq.top
    visittworiverswi.com
    bfprotienda.com
    greenhabitsph.com
    ladmere.com
    clockboutiques.com
    minwart.xyz
    xinyuejiancai.online
    eggsl.com
    fetchingcandles.com
    skywatiniya.com
    hinkley.news
    realityonlineenterprises.com
    teamcroissant.com
    esfera-pv.ch
    herdadedosmontesbastos.com

Targets

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook payload

    • Suspicious use of SetThreadContext
