General

  • Target

    Inv_7623980.rar

  • Size

    526KB

  • Sample

    230519-jsn1tsfe41

  • MD5

    da3970f95716efa57f80ce202111c26d

  • SHA1

    a551f2ff2a0fef51362df45251f81539981ce9f8

  • SHA256

    19212e9ee735e4b773671add4df8b9ac059ce9d59011238044b17643ad8e14fe

  • SHA512

    b67ec298aef6e57a8206e27bd582b0bce90827f3274dd17a87a520f06c33578d037c310ccc5ab3725e630fb63fe0b3bb5b9e2c2739f2634059d19b407964e6de

  • SSDEEP

    12288:puH6DlJ0p+PVRx9cX3Ygvx8HEc2tLpFHaWSkAGkYnth2OH:MH6DlJ/NR+33c2tL2kAIh2OH

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    m82

  • Decoy


Targets

    • Target

      Inv_7623980.exe

    • Size

      711KB

    • MD5

      9fefd93d8530102d9b1689d0aa233e51

    • SHA1

      6c3f12a9fa864ac8c783da3f2a5b75254a692f85

    • SHA256

      3017b026d0925919ad8085d523f83235fa84ead58d1399576e60e6183003820e

    • SHA512

      45754db3bd5cc9d11d42f5b226efceac2b9694188e5843ccc28b103b005776e92b859f0fcdb7a192b7ed22fd00001ee21c15def22446c8deb07e2375a9ccb3e5

    • SSDEEP

      12288:4MqBGppnzSOTzo6rv625OPX4EaxKqHcTZK9Mlr:9q0pBSOTc6Dn5MX4uq8Zz

    • Formbook

      Formbook is a data-stealing malware family (information stealer).

    • Formbook payload

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks