General

  • Target

    fbd94fb97d2547ee65cd22495a3e294f16e93ddbc13f50314a5592cef270b8a7

  • Size

    568KB

  • Sample

    231011-pfm6naef91

  • MD5

    122738a483c85d46cc209a8bbf22983d

  • SHA1

    4bef37ef8eff9d2e2693281832acc63176c9c99b

  • SHA256

    fbd94fb97d2547ee65cd22495a3e294f16e93ddbc13f50314a5592cef270b8a7

  • SHA512

    aaaf6dfaa6e7524968b8c862ace96c03965829c150b1bf525f8bd29baf7d49a053c321dc9895e9ac6753f311c0d10d3ba8c4e7a7022d81cd07ed010f7c3ba658

  • SSDEEP

    12288:u6cUYsGWUtQ8wFfv/u9cQfo/vb1ZnCWaSFMIoMAqCTyfAux:udrs/FfCUvRZCWwMAqNxx

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

oi24

Decoy

Targets

    • Target

      configprk.exe

    • Size

      644KB

    • MD5

      e129e187b8f6e26c4eac04a159f29424

    • SHA1

      612b7eefdecbcd2775c0baf75881ff1339cf2ddd

    • SHA256

      77e4bbd48ff126b8c4aea416c49bf38648498bcec17e108fd2c2111fea00bc66

    • SHA512

      ff843d1a7651b0ef582c617425da0aac7decf9e96efc283217c7cae82e76b4409637527700f1ef23956b88f3f27058d2ac673f8b092c610692c14fe555a92ef1

    • SSDEEP

      12288:QmDQrKS2iNtOdSEdfejEHdKyjOP4QH1krwj4jrrRb9dtYg3j:RDQrKS1bEuEcP40irw+p6g3

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Suspicious use of SetThreadContext