General

  • Target: ce83b3087374de33232e140f530b7834.bin
  • Size: 623KB
  • Sample: 231011-pr7pfafh3t
  • MD5: 1464ac2de37a678559487d4383fc0b2a
  • SHA1: 5a0c24271ff53e1ef1bf5c0936461a8a05cd96c7
  • SHA256: d5d1dbe49d342b3baa985f9d025f51429e80f1ca6cca73a72f009fc72ff160c3
  • SHA512: aa0e1c8c8702629361a6d66535c50a6f5624d0508e8cf8f5c86f7931bb5d37de871cc582cb1450267d192c91ffa582ab66c942216e83185d8187e892bbd3d4d8
  • SSDEEP: 12288:YNi7u1m/0ghi0V2nTMe7/yClFppj3sEF3hxQancPNJiVbolxOt:YNi7u1m/06i/TMe7BFppDVRxQaWaVbow

Malware Config

Extracted

  • Family: formbook
  • Version: 4.1
  • Campaign: rc11
  • Decoy


Targets

    • Target: 9cbc043b211f653116dc64d489a79918a215577985d473c56ce9ca3e4b12c2da.exe
    • Size: 935KB
    • MD5: ce83b3087374de33232e140f530b7834
    • SHA1: 09ede80fd6e9eb3c1d4bb8f02b9f099edb926128
    • SHA256: 9cbc043b211f653116dc64d489a79918a215577985d473c56ce9ca3e4b12c2da
    • SHA512: 5c912365f585b86860a548e9c56c514b997f3e5687fe8a15d7d63a4bbccaeb1e97cf60ed240b7162734cd9471fff613c54ae5ef017c0b56ea3dab12e16e2df31
    • SSDEEP: 24576:vVwRLePgybukh7gMo2ImPhPGjVufE6gaa1:vnAMPKYfNa

    • Formbook: Formbook is a data-stealing malware family.
    • Formbook payload
    • Suspicious use of SetThreadContext
