General

  • Target

    CH2023-EGR012-60_61_62_63_64.exe

  • Size

    853KB

  • Sample

    231011-y6bpzsdc36

  • MD5

    1ec809fe6df06e1671dae8ef802ed39d

  • SHA1

    d331dc602ddb702e5e9835408f54dcd70f2884e7

  • SHA256

    ae5f1fa9855fd6e4511a674f0a0465df7960a757409a0d176f50b10fd14925ad

  • SHA512

    65aa4b84e12f665d6bec8b6184de3ae5224d328d00297db4aa314e6d7e74231398d0dbbf50dc17e337636a428dd1f066504f6098567565ffac94829af69c7cf0

  • SSDEEP

    24576:+YJor/5F/UgF8nH3oJz9E7Q3g5yMiDlyfsLCD5E:fJor/5F/UqcoJz6E3Z

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

sn26

Decoy

Targets

    • Target

      CH2023-EGR012-60_61_62_63_64.exe

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook payload

    • Suspicious use of SetThreadContext
