General

  • Target

    SWIFT copy 27092023.exe

  • Size

    636KB

  • Sample

    231011-nsbsqaed88

  • MD5

    daf6c083b09bbd7db92bd975933097b8

  • SHA1

    b5ecee6fd39b1b89a1246842bdb93b34d6a3637e

  • SHA256

    be5825c707b2fd0d972ae9d2431561b9215de539846232cff466cb11e20b9d89

  • SHA512

    1c04f5f7b0f93e60c85cc648c99db1eac0fb5a959bc5995122f2768525ee521d46c6126ca7d5029d7e7dbeb964efccfb2cd0f8cfce0f35fd873ec1e9cc80b8aa

  • SSDEEP

    12288:M6LyiRJU/Wcj1XdosluhJFkin+93RGWPjQaz6W5i8Nc5bz9efDK0Z:RmFeQ8sgkG+hRB7QTKiq80Z

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

r65e

Decoy

cgoxzsep4.com

browser-privacy.xyz

ganjatr.com

generativebreakup.shop

rhoheritage.com

theriprapcompany.com

520baobao.com

theroomdividers.services

justfind.info

88av552.top

myhywea.info

oe9-kumamoto.xyz

awves.skin

hntv9037.top

velscleaningservices.com

hjjkk89.xyz

acessonlinenetbrdia.site

programmerxx.com

openai-clone.com

xn--xysu5cre277avz6d8ud.com
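Formbook configurations embed a list of domains in which the live C2 is mixed with decoys, and the infected host contacts several of them, so the whole extracted list is worth matching against DNS and proxy logs, not just one entry. The script below is an added example for this report page, not part of the sandbox output or of the malware: it carries the hashes from the General section and the domains from the Decoy list above as indicators, checks a byte blob against the file hashes, and scans log lines for the domains with case, trailing-dot and IDNA normalisation (the last matters for the xn-- entry, which a resolver log may record in Unicode form). The log lines and the blob are constructed for the demonstration; the log format they use is an assumption, and the regex should be adapted to your own source.

```python
"""Match the indicators from this Formbook report against file bytes and log lines.

Added example for the report page; hashes and domains are copied from the report,
everything else (log format, sample bytes) is constructed for illustration.
"""
import hashlib
import re

# File hashes from the General section of the report.
REPORT_HASHES = {
    "md5": "daf6c083b09bbd7db92bd975933097b8",
    "sha1": "b5ecee6fd39b1b89a1246842bdb93b34d6a3637e",
    "sha256": "be5825c707b2fd0d972ae9d2431561b9215de539846232cff466cb11e20b9d89",
}

# Domains from the Decoy section. Formbook hides its real C2 among decoys,
# so every entry is treated as an indicator.
DECOY_DOMAINS = {
    "cgoxzsep4.com", "browser-privacy.xyz", "ganjatr.com",
    "generativebreakup.shop", "rhoheritage.com", "theriprapcompany.com",
    "520baobao.com", "theroomdividers.services", "justfind.info",
    "88av552.top", "myhywea.info", "oe9-kumamoto.xyz", "awves.skin",
    "hntv9037.top", "velscleaningservices.com", "hjjkk89.xyz",
    "acessonlinenetbrdia.site", "programmerxx.com", "openai-clone.com",
    "xn--xysu5cre277avz6d8ud.com",
}


def file_hashes(data: bytes) -> dict:
    """Compute MD5/SHA1/SHA256 of the given bytes (SSDEEP needs a separate library)."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in REPORT_HASHES}


def matches_report(data: bytes) -> bool:
    """True only if all three hashes equal the report's values."""
    return file_hashes(data) == REPORT_HASHES


def hash_file(path: str) -> dict:
    """Hash a file on disk in chunks so large samples do not need to fit in memory."""
    hashers = {alg: hashlib.new(alg) for alg in REPORT_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def normalize_domain(host: str) -> str:
    """Lower-case, drop a trailing dot, and convert Unicode labels to IDNA (xn--)."""
    host = host.strip().rstrip(".").lower()
    try:
        return host.encode("idna").decode("ascii")
    except UnicodeError:
        return host


def domain_matches(host: str, indicator: str) -> bool:
    """Exact match or any subdomain of the indicator (e.g. www.rhoheritage.com)."""
    host = normalize_domain(host)
    return host == indicator or host.endswith("." + indicator)


# Assumed log shape: key=value pairs with "query=" (DNS) or "host=" (proxy).
HOST_RE = re.compile(r"\b(?:query|host)=([^\s,]+)")


def scan_log(lines) -> list:
    """Return (indicator, line) pairs for every log line contacting a listed domain."""
    hits = []
    for line in lines:
        for m in HOST_RE.finditer(line):
            for d in DECOY_DOMAINS:
                if domain_matches(m.group(1), d):
                    hits.append((d, line))
                    break
    return hits


def matched_domains(lines) -> list:
    """Sorted distinct indicators seen in the log lines."""
    return sorted({d for d, _ in scan_log(lines)})


# Constructed log lines (not real telemetry) exercising subdomains, mixed case,
# a trailing dot and a punycode host; the second line is benign.
CONSTRUCTED_LOGS = [
    "2023-10-11T09:12:01Z dns query=www.rhoheritage.com client=10.0.0.5",
    "2023-10-11T09:12:02Z dns query=login.microsoftonline.com client=10.0.0.5",
    "2023-10-11T09:12:03Z proxy host=88av552.top method=POST status=200",
    "2023-10-11T09:12:04Z dns query=WWW.Theroomdividers.Services. client=10.0.0.5",
    "2023-10-11T09:12:05Z proxy host=xn--xysu5cre277avz6d8ud.com method=GET status=404",
]

if __name__ == "__main__":
    print("constructed bytes match report hashes:", matches_report(b"not the sample"))
    for indicator, line in scan_log(CONSTRUCTED_LOGS):
        print(f"{indicator:30} <- {line}")
```

Run it against a real sample with hash_file(path) == REPORT_HASHES, and feed scan_log your own DNS or proxy export after adjusting HOST_RE; a hit on any of the domains, not only the one that turns out to be the live C2, is enough to flag the source host for triage.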

Targets

    • Target

      SWIFT copy 27092023.exe

    • Size

      636KB

    • MD5

      daf6c083b09bbd7db92bd975933097b8

    • SHA1

      b5ecee6fd39b1b89a1246842bdb93b34d6a3637e

    • SHA256

      be5825c707b2fd0d972ae9d2431561b9215de539846232cff466cb11e20b9d89

    • SHA512

      1c04f5f7b0f93e60c85cc648c99db1eac0fb5a959bc5995122f2768525ee521d46c6126ca7d5029d7e7dbeb964efccfb2cd0f8cfce0f35fd873ec1e9cc80b8aa

    • SSDEEP

      12288:M6LyiRJU/Wcj1XdosluhJFkin+93RGWPjQaz6W5i8Nc5bz9efDK0Z:RmFeQ8sgkG+hRB7QTKiq80Z

    • Formbook

      Formbook is an information-stealing malware family that harvests credentials, keystrokes and form data from browsers and other applications and exfiltrates them to its C2.

    • Formbook payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely to geofence execution.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks