General

  • Target

    aa79e4458fd7f7be6b044281984dc3cf.bin

  • Size

    642KB

  • Sample

    231011-pshfyafh5s

  • MD5

    da9ddcaa1244045cd96402522618b83f

  • SHA1

    ef931411460347e9b4da2ae32457f014ea05fa02

  • SHA256

    44ae358dea959b1d7468e69058dd5b788b9e3af13af3a2fe854d5d69037e062d

  • SHA512

    61b5f61d4104292ffcdd41029eac8b298b78b0024c7fea85e9c48d44ff254eabbd00532935332413f15f00b752710632a0494a446d3d14711a18053d4c16c54f

  • SSDEEP

    12288:TWdSH1lKB8OH/KpDQ4MYYGF+xh3mgpMbEG/OE1u:a2l+8OfcDQCYGID3mka/Jw

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    v93r

  • Decoy


Targets

    • Target

      716cc459f4685123823a8e5fc94768b3526c0900c98a0e51c5ce4b794b6b9f8c.exe

    • Size

      806KB

    • MD5

      aa79e4458fd7f7be6b044281984dc3cf

    • SHA1

      4fa6041b430c958e4c403c3f140783cf1ad05c79

    • SHA256

      716cc459f4685123823a8e5fc94768b3526c0900c98a0e51c5ce4b794b6b9f8c

    • SHA512

      a9dbe8065515bf06455179cf8c965d94d0f7f7ad83c82f84807e526cea8b07798bc5543b184f609f48290b4784f114f3f8a1b416ff6a977d097f2e3d202def2a

    • SSDEEP

      24576:IyFdolEMsxb+zqFPoBmjvZIKiUnmOU5uQn:IGYEMsxb+zqJemjvFmOk

    • Formbook

      Formbook is a data-stealing malware family (an information stealer).

    • Formbook payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks