General

  • Target

    716cc459f4685123823a8e5fc94768b3526c0900c98a0e51c5ce4b794b6b9f8c_JC.exe

  • Size

    806KB

  • Sample

    231011-rev6zsca4x

  • MD5

    aa79e4458fd7f7be6b044281984dc3cf

  • SHA1

    4fa6041b430c958e4c403c3f140783cf1ad05c79

  • SHA256

    716cc459f4685123823a8e5fc94768b3526c0900c98a0e51c5ce4b794b6b9f8c

  • SHA512

    a9dbe8065515bf06455179cf8c965d94d0f7f7ad83c82f84807e526cea8b07798bc5543b184f609f48290b4784f114f3f8a1b416ff6a977d097f2e3d202def2a

  • SSDEEP

    24576:IyFdolEMsxb+zqFPoBmjvZIKiUnmOU5uQn:IGYEMsxb+zqJemjvFmOk

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

v93r

Decoy

labourcommunitymarket.com

nba82.com

datahabitsales.site

rosstony.link

baliorganic.farm

qefhyjngrxcbjfvgft.autos

bippttcg.click

tldrschool.com

vcdaawug.click

garage2mats.com

soulrin.store

themezodermacream.com

522fairwaylookout.com

jmhoa.cyou

sygcb.link

thanhpresident.com

biy-home.com

imtmlife.online

dijitalpasaj.app

105261.com

Targets

    • Target

      716cc459f4685123823a8e5fc94768b3526c0900c98a0e51c5ce4b794b6b9f8c_JC.exe

    • Size

      806KB

    • MD5

      aa79e4458fd7f7be6b044281984dc3cf

    • SHA1

      4fa6041b430c958e4c403c3f140783cf1ad05c79

    • SHA256

      716cc459f4685123823a8e5fc94768b3526c0900c98a0e51c5ce4b794b6b9f8c

    • SHA512

      a9dbe8065515bf06455179cf8c965d94d0f7f7ad83c82f84807e526cea8b07798bc5543b184f609f48290b4784f114f3f8a1b416ff6a977d097f2e3d202def2a

    • SSDEEP

      24576:IyFdolEMsxb+zqFPoBmjvZIKiUnmOU5uQn:IGYEMsxb+zqJemjvFmOk

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

    • Formbook payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks