General

  • Target

    f2a204ea5770dabcd9edfc14149a87e9f8d01098b00ffc988f2ef821b3502917

  • Size

    567KB

  • Sample

    231011-pgw5ysgg55

  • MD5

    3c131b3145d99990a0f1dd504df566b8

  • SHA1

    098f21c3fc6d68a1e4e3bdb2491d52f6e7f4b321

  • SHA256

    f2a204ea5770dabcd9edfc14149a87e9f8d01098b00ffc988f2ef821b3502917

  • SHA512

    c1bf4dec696868529b4b25669c3107926a2569183d016ddc202406822150d092d6a6bd5e8afee6086bb61a81f8077c33aa67f1dfab3c7702932e7b280d327983

  • SSDEEP

    12288:jixBTnw1lado0zkUQFkiu8GfsFI3XWCs5iQLo4Jtk8r1:jinTwh0IFk0ksFieiAfJq8r1

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

r65e

Decoy

cgoxzsep4.com

browser-privacy.xyz

ganjatr.com

generativebreakup.shop

rhoheritage.com

theriprapcompany.com

520baobao.com

theroomdividers.services

justfind.info

88av552.top

myhywea.info

oe9-kumamoto.xyz

awves.skin

hntv9037.top

velscleaningservices.com

hjjkk89.xyz

acessonlinenetbrdia.site

programmerxx.com

openai-clone.com

xn--xysu5cre277avz6d8ud.com
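The hashes and extracted config above are only useful once they are machine-checkable. The following is an added example (not part of the original sandbox report) that copies the report's hash values and 20 config domains into a script which validates the hash formats, parses the ssdeep digests, decodes the punycode domain so an analyst sees the real hostname, and emits a JSON-serialisable IOC bundle plus Suricata DNS rules. Every function name, the bundle layout and the rule SID range are this example's own assumptions, not a Triage API.

```python
"""Turn the extracted Formbook config and hashes on this page into checkable IOCs.

Added example, not part of the original sandbox report. SAMPLES and DECOYS are
copied from the report; every function (hash validation, ssdeep parsing, IDN
decoding, Suricata rule generation, bundle assembly) is this example's own
helper, not a sandbox API. The Suricata SIDs are arbitrary placeholders.
"""
import json
import re

HASH_LENGTHS = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}

# Copied from the report: the 567KB container and the 636KB executable it carries.
SAMPLES = {
    "container": {
        "md5": "3c131b3145d99990a0f1dd504df566b8",
        "sha1": "098f21c3fc6d68a1e4e3bdb2491d52f6e7f4b321",
        "sha256": "f2a204ea5770dabcd9edfc14149a87e9f8d01098b00ffc988f2ef821b3502917",
        "sha512": "c1bf4dec696868529b4b25669c3107926a2569183d016ddc202406822150d092"
                  "d6a6bd5e8afee6086bb61a81f8077c33aa67f1dfab3c7702932e7b280d327983",
        "ssdeep": "12288:jixBTnw1lado0zkUQFkiu8GfsFI3XWCs5iQLo4Jtk8r1:jinTwh0IFk0ksFieiAfJq8r1",
    },
    "SWIFT copy 27092023.exe": {
        "md5": "daf6c083b09bbd7db92bd975933097b8",
        "sha1": "b5ecee6fd39b1b89a1246842bdb93b34d6a3637e",
        "sha256": "be5825c707b2fd0d972ae9d2431561b9215de539846232cff466cb11e20b9d89",
        "sha512": "1c04f5f7b0f93e60c85cc648c99db1eac0fb5a959bc5995122f2768525ee521d"
                  "46c6126ca7d5029d7e7dbeb964efccfb2cd0f8cfce0f35fd873ec1e9cc80b8aa",
        "ssdeep": "12288:M6LyiRJU/Wcj1XdosluhJFkin+93RGWPjQaz6W5i8Nc5bz9efDK0Z:RmFeQ8sgkG+hRB7QTKiq80Z",
    },
}

# The 20 "Decoy" domains from the extracted config, in report order.
DECOYS = [
    "cgoxzsep4.com", "browser-privacy.xyz", "ganjatr.com", "generativebreakup.shop",
    "rhoheritage.com", "theriprapcompany.com", "520baobao.com", "theroomdividers.services",
    "justfind.info", "88av552.top", "myhywea.info", "oe9-kumamoto.xyz",
    "awves.skin", "hntv9037.top", "velscleaningservices.com", "hjjkk89.xyz",
    "acessonlinenetbrdia.site", "programmerxx.com", "openai-clone.com",
    "xn--xysu5cre277avz6d8ud.com",
]


def validate_hashes(sample: dict) -> list:
    """Return a list of problems; empty means every hash is lowercase hex of the right length."""
    problems = []
    for algo, length in HASH_LENGTHS.items():
        value = sample.get(algo, "")
        if len(value) != length or not re.fullmatch(r"[0-9a-f]+", value):
            problems.append(f"{algo}: expected {length} lowercase hex chars, got {value!r}")
    return problems


def parse_ssdeep(digest: str) -> tuple:
    """Split a CTPH digest 'blocksize:chunk:double_chunk' into its three parts."""
    block, chunk, double_chunk = digest.split(":", 2)
    return int(block), chunk, double_chunk


def ssdeep_comparable(a: str, b: str) -> bool:
    """ssdeep only scores two digests whose block sizes are equal or differ by exactly 2x."""
    ba, bb = parse_ssdeep(a)[0], parse_ssdeep(b)[0]
    return ba == bb or ba == 2 * bb or bb == 2 * ba


def decode_idn(domain: str) -> str:
    """Decode punycode (xn--) labels to Unicode; keep the ASCII form if the label is malformed."""
    try:
        return domain.encode("ascii").decode("idna")
    except UnicodeError:
        return domain  # never drop an IOC just because its label does not round-trip


def suricata_dns_rules(domains, sid_base: int = 9000001) -> list:
    """One Suricata DNS-query rule per domain; SIDs are placeholders (assumed, adjust locally)."""
    return [
        f'alert dns $HOME_NET any -> any any (msg:"Formbook config domain {d}"; '
        f'dns.query; content:"{d}"; nocase; sid:{sid_base + i}; rev:1;)'
        for i, d in enumerate(domains)
    ]


def build_iocs() -> dict:
    """Assemble the IOC bundle, refusing to proceed if any copied hash is malformed."""
    for name, sample in SAMPLES.items():
        problems = validate_hashes(sample)
        if problems:
            raise ValueError(f"{name}: " + "; ".join(problems))
    container, payload = SAMPLES["container"], SAMPLES["SWIFT copy 27092023.exe"]
    return {
        "family": "formbook", "version": "4.1", "campaign": "r65e",
        "samples": SAMPLES,
        "domains": [{"ascii": d, "unicode": decode_idn(d)} for d in DECOYS],
        "ssdeep_comparable": ssdeep_comparable(container["ssdeep"], payload["ssdeep"]),
    }


if __name__ == "__main__":
    print(json.dumps(build_iocs(), indent=2, ensure_ascii=False))
    print("\n".join(suricata_dns_rules(DECOYS)))
```

Both digests share block size 12288, so `ssdeep_comparable` is true and a real `ssdeep -k` comparison of container and payload is meaningful. Formbook configs list the live C2 among many decoys and the report does not say which of the 20 is live, so treat the generated rules as hunt indicators rather than block-on-sight.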

Targets

    • Target

      SWIFT copy 27092023.exe

    • Size

      636KB

    • MD5

      daf6c083b09bbd7db92bd975933097b8

    • SHA1

      b5ecee6fd39b1b89a1246842bdb93b34d6a3637e

    • SHA256

      be5825c707b2fd0d972ae9d2431561b9215de539846232cff466cb11e20b9d89

    • SHA512

      1c04f5f7b0f93e60c85cc648c99db1eac0fb5a959bc5995122f2768525ee521d46c6126ca7d5029d7e7dbeb964efccfb2cd0f8cfce0f35fd873ec1e9cc80b8aa

    • SSDEEP

      12288:M6LyiRJU/Wcj1XdosluhJFkin+93RGWPjQaz6W5i8Nc5bz9efDK0Z:RmFeQ8sgkG+hRB7QTKiq80Z

    • Formbook

      Formbook is an information-stealing malware family: it harvests credentials and form data from browsers and other applications, logs keystrokes, captures screenshots and clipboard contents, and exfiltrates them to its command-and-control server.

    • Formbook payload

    • Checks computer location settings

      Looks up the country code configured in the registry. This is most likely a geofence check, used to skip execution on machines in regions the operator wants to avoid.

    • Suspicious use of SetThreadContext

      Rewriting another thread's context (instruction pointer and registers) is the step that redirects execution into injected code in process hollowing and thread hijacking, which is how the embedded Formbook payload is typically launched inside a second process.
