General

  • Target

    db8ac3b23fae106a86eb646f297e3f5c.bin

  • Size

    591KB

  • Sample

    230831-cekypacc75

  • MD5

    6dd4cd1c783e94c818449766949eef13

  • SHA1

    2710ae3726a2dc62bf0e516e90de8dc0adf69978

  • SHA256

    3fc6051fd94ddd9aae4e63c7a1394ec95b05f53460e5d3a0e78eb4f2bcd6520c

  • SHA512

    cf475f22f9ece1e81f512c49665ba1e1ff24c5727e2dae4107ff5724721aeb296ec66f19d4c85365addd44dd9d971d1df3bea1ea6578e13d79b3e29c62aede1f

  • SSDEEP

    12288:0kxHUQp4izsSKvsPvV9CHss/y8o8dxAXLmcAE9E0ph/ohFn9t/B3R33qzoGnzT3n:DuQp4izPvVsHsME8QAE9FwhFrpF3qzXX

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    gg62

  • Decoy


Targets

    • Target

      946c1319c6a08e50e191cc56cac6895bfac47b2e766901a8714251f40a06bdff.exe

    • Size

      632KB

    • MD5

      db8ac3b23fae106a86eb646f297e3f5c

    • SHA1

      2b1c72305279bd7cef63b24ad08e28434b21db41

    • SHA256

      946c1319c6a08e50e191cc56cac6895bfac47b2e766901a8714251f40a06bdff

    • SHA512

      bea9418e6f5e39019b05b84899652ed455a805e863caa3e3986fef26c47e6fb9a1b365d2388ff61424b3241f8e5847d3e8bfc46c3190f35a49c5abe25242eeaa

    • SSDEEP

      12288:8BDoCUhRcOJ5cmu6nwpbrK8uo7SgJvzqYDc7bdQw90ETfNx24l7tWQssgRHQt5:gx5yBnA+oWgJvzxc7i7ENx7RMRHQt

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook payload

    • Suspicious use of SetThreadContext
