General

  • Target

    db69af7fee69d61e4eb0268afb7cd9f8.exe

  • Size

    286KB

  • Sample

    230711-pwr5jsab2s

  • MD5

    db69af7fee69d61e4eb0268afb7cd9f8

  • SHA1

    47568ce8cc356ad3858fc25c334e63d7b8742849

  • SHA256

    7644456ea433ce8755d64746d7420bcc88df377ac1242657f6428c4a9c51173a

  • SHA512

    78e350a54c221b7fabb9780cb6adc70e62a4ef39278a8545795a777a17a84203d2dc689f78531f1118ee6afa875fa52d8fe138cb8b20ac0acfcd28461652b22d

  • SSDEEP

    6144:mz2PI+nT0UvWKIAaMBzLpPCyw7QlBRg5cb3k+mKbG/ICLJqZ:BI4xTIJMxLoNiDkhKdCcZ

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    al05

  • Decoy

    becapmuiu.xyz
    wearerp.com
    beautychannel.world
    kuwiti.com
    vex5678.com
    pecanbayouwoodworks.com
    lrsconcrete.com
    emgje.buzz
    haorizi.net
    tradingbattle.net
    growgram.info
    zuolide.com
    poliedriconsulting.com
    persjateng.com
    pseudlifelif.com
    tgteletg.top
    33changing.com
    jayagrandcounty.com
    thegopigirls.com
    c8685.top

Targets

    • Target

      db69af7fee69d61e4eb0268afb7cd9f8.exe

    • Size

      286KB

    • MD5

      db69af7fee69d61e4eb0268afb7cd9f8

    • SHA1

      47568ce8cc356ad3858fc25c334e63d7b8742849

    • SHA256

      7644456ea433ce8755d64746d7420bcc88df377ac1242657f6428c4a9c51173a

    • SHA512

      78e350a54c221b7fabb9780cb6adc70e62a4ef39278a8545795a777a17a84203d2dc689f78531f1118ee6afa875fa52d8fe138cb8b20ac0acfcd28461652b22d

    • SSDEEP

      6144:mz2PI+nT0UvWKIAaMBzLpPCyw7QlBRg5cb3k+mKbG/ICLJqZ:BI4xTIJMxLoNiDkhKdCcZ

    • Formbook

      Formbook is a data-stealing malware family (information stealer).

    • Guloader, Cloudeye

      A shellcode-based downloader, first seen in 2020.

    • Formbook payload

    • Checks QEMU agent file

      Checks presence of QEMU agent, possibly to detect virtualization.

    • Loads dropped DLL

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks