General

  • Target

    6153872c1610031f5242968a5b2818fb307f800886262a0e932e9bcaeb980859_JC.zip

  • Size

    528KB

  • Sample

    231011-re7j1sca7x

  • MD5

    2b68e5d464030eb75cf019b4a2c56b19

  • SHA1

    fa02c98a2fc185210bccc0abb2c49452a5d68eaf

  • SHA256

    6153872c1610031f5242968a5b2818fb307f800886262a0e932e9bcaeb980859

  • SHA512

    471ab8343d4221fc44c667f458950ec1df4b9a959cdaf74af3c87595bf93c1acd0b5da249c935a6ac10b09ed65cc46ed2cb14fb47b93b7141d0fc0ba0180966c

  • SSDEEP

    6144:YhE2wHBifFEjZLNOjEFaOS10m5B18O2sBdE84REyntjCrGRyGfqjyPIrUzMjtY0l:8wHxyHHoAy95MnVOPloO075vP

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ey16

Decoy


Targets

    • Target

      #PO 4500515595 ULTRA TEC.exe

    • Size

      550KB

    • MD5

      5adbfe3a05eb61b2d2620b6538dc5772

    • SHA1

      8bee7a099e2c1753a62be196915da3756758e75c

    • SHA256

      d404e5865cddbf47f6a494f9120130035b3ac5761810dc75e20bc28873327547

    • SHA512

      5d66a876e199a1733c9c445cdb5d2c4d4842373a710c6a93c088d1d5456ef7c6a3308a56b1b00c5852457ec8db8108b1fe278f45b0dcc7b7433ea20b9e4a465c

    • SSDEEP

      12288:JZ725ZbHWLBajVyuexPgAHsP3o4roF6Btp3P:uCQSxPgAIogPBth

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15
