General

  • Target

    060133c029ea1cac1e94f96fd0121c7f.exe

  • Size

    1.2MB

  • Sample

    231011-y2g17sah6v

  • MD5

    060133c029ea1cac1e94f96fd0121c7f

  • SHA1

    632428ce76027668ecd9b0051fee45d91bde0417

  • SHA256

    7f6d191fcdf726491e13f188f6c61fcd1ddcde44d69d05d97c7f0990ba25d757

  • SHA512

    6036f0bef538809adb2903441c511fb9108b96f6034153f4263bf27a2c869e9abdddb1a3fc76055bb31dabd3da1864a25314465fa09eca0f8ac8fa454d62380b

  • SSDEEP

    24576:SMtvLj9KPoOFQb6uuFIXAcchpd+Y0MmE:SMnKxuucBE

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

kmge

Decoy

jia0752d.com

cq0jt.sbs

whimsicalweddingrentals.com

meetsex-here.life

hhe-crv220.com

bedbillionaire.com

soycmo.com

mrawkward.xyz

11ramshornroad.com

motoyonaturals.com

thischicloves.com

gacorbet.pro

ihsanid.com

pancaketurner.com

santanarstore.com

cr3dtv.com

negotools.com

landfillequip.com

sejasuapropriachefe.com

diamant-verkopen.store
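Formbook's extracted config carries a long domain list in which only one entry is the live C2 and the rest are decoys; the bot cycles its HTTP check-ins through decoys and the real server alike, so the whole list is the watchlist and a single host resolving several of them inside a short window is the stronger signal. The following is an added example, not part of the report: it sweeps a constructed DNS query log (assumed format "timestamp client qname" per line) against the decoy list above; the log lines, the 5-minute window and the two-domain threshold are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Decoy domains copied from the extracted Formbook config in the report.
DECOY_DOMAINS = {
    "jia0752d.com", "cq0jt.sbs", "whimsicalweddingrentals.com", "meetsex-here.life",
    "hhe-crv220.com", "bedbillionaire.com", "soycmo.com", "mrawkward.xyz",
    "11ramshornroad.com", "motoyonaturals.com", "thischicloves.com", "gacorbet.pro",
    "ihsanid.com", "pancaketurner.com", "santanarstore.com", "cr3dtv.com",
    "negotools.com", "landfillequip.com", "sejasuapropriachefe.com", "diamant-verkopen.store",
}

# Constructed DNS query log (assumption: "<ISO timestamp> <client IP> <qname>" per line; not from the report).
SAMPLE_DNS_LOG = """\
2023-10-11T14:02:01Z 10.0.0.17 www.whimsicalweddingrentals.com.
2023-10-11T14:02:03Z 10.0.0.17 hhe-crv220.com
2023-10-11T14:02:05Z 10.0.0.17 negotools.com
2023-10-11T14:02:07Z 10.0.0.17 updates.example.net
2023-10-11T14:30:00Z 10.0.0.42 pancaketurner.com
2023-10-11T15:10:00Z 10.0.0.42 mail.example.net
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<qname>\S+)$")


def normalize(qname: str) -> str:
    """Lower-case and drop the trailing dot a resolver log may keep."""
    return qname.rstrip(".").lower()


def matches_watchlist(qname: str):
    """Return the watchlist domain that qname equals or is a subdomain of, else None."""
    labels = normalize(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in DECOY_DOMAINS:
            return candidate
    return None


def watchlist_hits(log_text: str):
    """Map each client to its (timestamp, matched domain) pairs, in log order."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than abort the sweep
        domain = matches_watchlist(m["qname"])
        if domain:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
            hits[m["client"]].append((ts, domain))
    return dict(hits)


def flag_beaconing(hits, window=timedelta(minutes=5), min_distinct=2):
    """Clients that resolved at least min_distinct different watchlist domains inside one window."""
    flagged = set()
    for client, entries in hits.items():
        entries = sorted(entries)
        for i, (start, _) in enumerate(entries):
            in_window = {d for ts, d in entries[i:] if ts - start <= window}
            if len(in_window) >= min_distinct:
                flagged.add(client)
                break
    return flagged


if __name__ == "__main__":
    hits = watchlist_hits(SAMPLE_DNS_LOG)
    for client, entries in hits.items():
        print(client, [d for _, d in entries])
    print("likely Formbook beaconing:", sorted(flag_beaconing(hits)))
```

Decoy entries in Formbook configs are frequently ordinary third-party sites, so a lone lookup (10.0.0.42 above) is a lead to triage, not a verdict; the host that touches several list entries within minutes (10.0.0.17) is the one to isolate first.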

Targets

    • Target

      060133c029ea1cac1e94f96fd0121c7f.exe

    • Size

      1.2MB

    • MD5

      060133c029ea1cac1e94f96fd0121c7f

    • SHA1

      632428ce76027668ecd9b0051fee45d91bde0417

    • SHA256

      7f6d191fcdf726491e13f188f6c61fcd1ddcde44d69d05d97c7f0990ba25d757

    • SHA512

      6036f0bef538809adb2903441c511fb9108b96f6034153f4263bf27a2c869e9abdddb1a3fc76055bb31dabd3da1864a25314465fa09eca0f8ac8fa454d62380b

    • SSDEEP

      24576:SMtvLj9KPoOFQb6uuFIXAcchpd+Y0MmE:SMnKxuucBE

    • Formbook

      Formbook is an information-stealing malware family that harvests saved credentials from web browsers and mail/FTP clients, grabs submitted web form data, logs keystrokes and clipboard contents, takes screenshots, and exfiltrates the data over HTTP to a command-and-control server hidden among the decoy domains listed in its config.

    • ModiLoader, DBatLoader

      ModiLoader (also tracked as DBatLoader) is a Delphi-written loader that abuses public cloud and file-hosting services to download and stage its next-stage payload, here the Formbook sample.

    • Formbook payload

    • ModiLoader Second Stage

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens, and autofill form data.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
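The last two signatures describe persistence through an autostart Run key and the cross-process use of SetThreadContext, which is typically the step in process hollowing where a suspended child has been overwritten with WriteProcessMemory and its thread context is redirected to the injected code before ResumeThread. As an added example that is not the report's own code, this Python walks a constructed, simplified event list (Sysmon Event ID 13-style registry writes plus API calls carrying a target PID; both shapes are assumptions) and reports both behaviours. The process names, paths, PIDs and SID are made up.

```python
import re

CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit for CreateProcess*

# Autostart locations the "Adds Run key" signature covers (HKCU or HKLM, Run and RunOnce).
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\[^\\]+$", re.IGNORECASE)

# Constructed events in a simplified Sysmon/API-trace shape (assumption; not the report's trace).
# "registry_set" mirrors Sysmon Event ID 13; "api" events carry target_pid for cross-process calls.
SAMPLE_EVENTS = [
    {"type": "api", "pid": 4120, "api": "CreateProcessW",
     "args": {"lpApplicationName": r"C:\Windows\SysWOW64\svchost.exe",
              "dwCreationFlags": CREATE_SUSPENDED | 0x08000000}, "target_pid": 5240},
    {"type": "api", "pid": 4120, "api": "WriteProcessMemory", "target_pid": 5240},
    {"type": "api", "pid": 4120, "api": "SetThreadContext", "target_pid": 5240},
    {"type": "registry_set", "pid": 4120,
     "key": r"HKU\S-1-5-21-1000-2000-3000-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "data": r"C:\Users\Public\Libraries\Updater.exe"},
    {"type": "api", "pid": 4120, "api": "ResumeThread", "target_pid": 5240},
    # A benign suspended launch (e.g. a debugger starting its target) that never rewrites the child: must not fire.
    {"type": "api", "pid": 3001, "api": "CreateProcessW",
     "args": {"lpApplicationName": r"C:\Tools\target.exe", "dwCreationFlags": CREATE_SUSPENDED},
     "target_pid": 6100},
    {"type": "api", "pid": 3001, "api": "ResumeThread", "target_pid": 6100},
    # Registry write outside an autostart key: must not fire.
    {"type": "registry_set", "pid": 700,
     "key": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Example\DisplayName",
     "data": "Example"},
]


def run_key_persistence(events):
    """(pid, value name, data) for every value written under a Run/RunOnce key."""
    found = []
    for ev in events:
        if ev.get("type") != "registry_set":
            continue
        if RUN_KEY_RE.search(ev["key"]):
            found.append((ev["pid"], ev["key"].rsplit("\\", 1)[1], ev["data"]))
    return found


HOLLOW_STAGES = ("WriteProcessMemory", "SetThreadContext", "ResumeThread")


def hollowing_candidates(events):
    """(source pid, target pid) pairs that complete the hollowing chain on one child:
    create suspended -> WriteProcessMemory -> SetThreadContext -> ResumeThread.
    Unrelated calls in between (VirtualAllocEx, NtUnmapViewOfSection, ...) are ignored."""
    stage = {}  # target pid -> (source pid, index of the next expected stage)
    found = []
    for ev in events:
        if ev.get("type") != "api":
            continue
        target = ev.get("target_pid")
        if ev["api"].startswith("CreateProcess"):
            flags = ev.get("args", {}).get("dwCreationFlags", 0)
            if flags & CREATE_SUSPENDED:
                stage[target] = (ev["pid"], 0)
            continue
        if target not in stage or stage[target][0] != ev["pid"]:
            continue
        src, idx = stage[target]
        if ev["api"] == HOLLOW_STAGES[idx]:
            idx += 1
            if idx == len(HOLLOW_STAGES):
                found.append((src, target))
                del stage[target]
            else:
                stage[target] = (src, idx)
        elif ev["api"] == "ResumeThread":
            del stage[target]  # resumed without being rewritten: ordinary suspended start
    return found


if __name__ == "__main__":
    print("Run-key persistence:", run_key_persistence(SAMPLE_EVENTS))
    print("Process hollowing:", hollowing_candidates(SAMPLE_EVENTS))
```

Requiring the full chain rather than any single SetThreadContext call is what keeps debuggers and installers that start children suspended out of the alert stream; the Run-key check is deliberately broad, so pair it with an allow-list of known installer images before turning it into a blocking rule.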

MITRE ATT&CK Enterprise v15

Tasks