General

  • Target

    4b7d1b8ea4216a534fd58d14e57d896be794d15ac910ff2b3c31a9762fdb6923exe_JC.exe

  • Size

    247KB

  • Sample

    230803-tnrk9sfd9s

  • MD5

    23a7dbb59f260aeb1322319c4ba8704c

  • SHA1

    be5ccabda6d58e2a70bd3d5058ff50e59b643835

  • SHA256

    4b7d1b8ea4216a534fd58d14e57d896be794d15ac910ff2b3c31a9762fdb6923

  • SHA512

    e688d7c24a79869d52824367bb76eec7bb95309c9d8f6cc3797daf316a29e3ab35516c5b14f278a481131098f6dac3df2af42f758610de3460d87be91b3a2e8a

  • SSDEEP

    6144:Hj+q7O0EqkEDwbp3yH/4cnFn+UeHck0Iw:tVJDwbpif4AFn+U/

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

my26

Decoy

hqe0aw.cfd

kompromat1.life

cruises-62138.bond

servru.fun

019469.com

nelcorgold.com

tscauknf2.com

satset5.shop

kraflex.net

indoxl.city

jcm-54.com

wantedleds.shop

vzuqiiud.cfd

filipe.works

vistservice.online

bjnyfjef.cfd

thegolffund.com

hadyjayapropertindo.com

passionalchemy.com

k9eiow.cfd
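The extracted config above gives a practitioner two things to act on: the file hashes, which identify the sample, and the decoy domain list. Formbook beacons to its decoys as well as to the real C2 hidden among them, so every listed domain is worth alerting on. The script below is an added example, not part of the sandbox report or of any tooling the report describes: it embeds the indicators exactly as they appear above, checks that a file in hand (and the SHA-256 embedded in the sandbox's target filename) matches the reported digests, and runs a subdomain-aware match over a few constructed BIND-style DNS query log lines. The log lines, the `query:` regex and the helper names are assumptions for illustration.

```python
"""IOC checks for the Formbook sample described in the report (added example)."""
import hashlib
import re
from typing import Dict, List, Optional, Tuple

# Digests and target filename copied from the report's General section.
REPORTED_HASHES: Dict[str, str] = {
    "md5": "23a7dbb59f260aeb1322319c4ba8704c",
    "sha1": "be5ccabda6d58e2a70bd3d5058ff50e59b643835",
    "sha256": "4b7d1b8ea4216a534fd58d14e57d896be794d15ac910ff2b3c31a9762fdb6923",
    "sha512": "e688d7c24a79869d52824367bb76eec7bb95309c9d8f6cc3797daf316a29e3ab"
              "35516c5b14f278a481131098f6dac3df2af42f758610de3460d87be91b3a2e8a",
}
TARGET_FILENAME = ("4b7d1b8ea4216a534fd58d14e57d896be794d15ac910ff2b3c31a9762fdb6923"
                   "exe_JC.exe")

# Decoy/C2 domains from the extracted Formbook config (campaign "my26").
DECOY_DOMAINS = frozenset({
    "hqe0aw.cfd", "kompromat1.life", "cruises-62138.bond", "servru.fun",
    "019469.com", "nelcorgold.com", "tscauknf2.com", "satset5.shop",
    "kraflex.net", "indoxl.city", "jcm-54.com", "wantedleds.shop",
    "vzuqiiud.cfd", "filipe.works", "vistservice.online", "bjnyfjef.cfd",
    "thegolffund.com", "hadyjayapropertindo.com", "passionalchemy.com",
    "k9eiow.cfd",
})


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Compute every digest the report lists, lower-case hex."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORTED_HASHES}


def verify_sample(data: bytes, reported: Dict[str, str] = REPORTED_HASHES) -> Dict[str, bool]:
    """Per-algorithm comparison; all four should agree for a genuine match."""
    computed = hash_bytes(data)
    return {name: computed[name] == reported[name].lower() for name in reported}


def sha256_from_filename(filename: str) -> Optional[str]:
    """Sandbox target names here carry the SHA-256 as a 64-hex prefix."""
    m = re.match(r"^([0-9a-f]{64})", filename.lower())
    return m.group(1) if m else None


def filename_matches_report(filename: str, reported_sha256: str = REPORTED_HASHES["sha256"]) -> bool:
    """Cheap consistency check before spending time on a download."""
    return sha256_from_filename(filename) == reported_sha256.lower()


def domain_matches(hostname: str, iocs: frozenset = DECOY_DOMAINS) -> Optional[str]:
    """Return the matched IOC for an exact domain or any subdomain of one.

    Matching is label-wise, so 'www.kraflex.net' hits but 'notkraflex.net' does not.
    """
    labels = hostname.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in iocs:
            return candidate
    return None


# Assumed BIND-style query log format: "... query: <qname> IN <qtype> ..."
DNS_QUERY_RE = re.compile(r"query:\s+(?P<qname>\S+)\s+IN\s+(?P<qtype>[A-Z]+)")


def hunt_dns_log(lines: List[str]) -> List[Tuple[int, str, str]]:
    """Return (line_no, queried_name, matched_ioc) for queries touching a listed domain."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = DNS_QUERY_RE.search(line)
        if not m:
            continue
        ioc = domain_matches(m.group("qname"))
        if ioc:
            hits.append((n, m.group("qname"), ioc))
    return hits


# Constructed sample log lines (not from the report or any real resolver).
SAMPLE_DNS_LOG = [
    "03-Aug-2023 10:01:02.123 client 10.0.0.5#51234: query: www.hqe0aw.cfd IN A + (10.0.0.53)",
    "03-Aug-2023 10:01:02.456 client 10.0.0.5#51235: query: update.microsoft.com IN A + (10.0.0.53)",
    "03-Aug-2023 10:01:03.001 client 10.0.0.5#51236: query: cdn.satset5.shop IN A + (10.0.0.53)",
    "03-Aug-2023 10:01:03.250 client 10.0.0.5#51237: query: notkraflex.net IN A + (10.0.0.53)",
    "03-Aug-2023 10:01:04.777 client 10.0.0.5#51238: query: thegolffund.com IN TXT + (10.0.0.53)",
]

if __name__ == "__main__":
    print("filename consistent with report:", filename_matches_report(TARGET_FILENAME))
    for hit in hunt_dns_log(SAMPLE_DNS_LOG):
        print("DNS hit:", hit)
```

Feed `verify_sample` the bytes of the file you actually obtained; a match on only some algorithms means you have the wrong file or a mangled copy, never a partial match. The label-wise domain matcher avoids the common false negative of only matching exact qnames, since Formbook's beacons typically use paths under the bare domain or a host under it.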

Targets

    • Target

      4b7d1b8ea4216a534fd58d14e57d896be794d15ac910ff2b3c31a9762fdb6923exe_JC.exe

    • Size

      247KB

    • MD5

      23a7dbb59f260aeb1322319c4ba8704c

    • SHA1

      be5ccabda6d58e2a70bd3d5058ff50e59b643835

    • SHA256

      4b7d1b8ea4216a534fd58d14e57d896be794d15ac910ff2b3c31a9762fdb6923

    • SHA512

      e688d7c24a79869d52824367bb76eec7bb95309c9d8f6cc3797daf316a29e3ab35516c5b14f278a481131098f6dac3df2af42f758610de3460d87be91b3a2e8a

    • SSDEEP

      6144:Hj+q7O0EqkEDwbp3yH/4cnFn+UeHck0Iw:tVJDwbpif4AFn+U/

    • Formbook

      Formbook is an information-stealing malware family: it harvests credentials and form data from browsers and mail clients, logs keystrokes and clipboard contents, and exfiltrates them to its C2 servers.

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020, commonly used to deliver stealers such as Formbook.

    • Formbook payload

    • Checks QEMU agent file

      Checks presence of QEMU agent, possibly to detect virtualization.

    • Loads dropped DLL

    • Suspicious use of NtCreateThreadExHideFromDebugger

      Creates a thread with the HideFromDebugger flag so that it generates no debug events, a common anti-debugging technique.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Sets ThreadHideFromDebugger on an existing thread, detaching it from any attached debugger.

    • Suspicious use of SetThreadContext

      Rewrites another thread's register context, typically to redirect execution into injected code (process hollowing / injection).

MITRE ATT&CK Enterprise v15

Tasks