General

  • Target

    5dca93e324db82758adb6519abd65e2712bb69c267730bda6d6bf9646544a947

  • Size

    294KB

  • Sample

    230804-nslypabg8v

  • MD5

    1aca72529f3d7a9bd5378b72c40ba060

  • SHA1

    1e7ca79aff89651999b9df07be8f40ab86291867

  • SHA256

    5dca93e324db82758adb6519abd65e2712bb69c267730bda6d6bf9646544a947

  • SHA512

    16538a3fbbd3e113ebbd1049c692fa458cbfaaebcb1a02b07f29b236c8e37d053236919cf9d2562171b1075b3c6edb76723a57890fe8beef8b8dc28a06834b77

  • SSDEEP

    6144:ajC8w75wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww5w5wwwwwwl:z8w75wwwwwwwwwwwwwwwwwwwwwwwwwwd

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    my26

  • Decoy

Targets

    • Formbook

      Formbook is a data-stealing malware family (information stealer).

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Formbook payload

    • Checks QEMU agent file

      Checks presence of QEMU agent, possibly to detect virtualization.

    • Loads dropped DLL

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks