General

  • Target

    Lhlqoeaowd.exe

  • Size

    935KB

  • Sample

    231011-ykevhsbd43

  • MD5

    ce83b3087374de33232e140f530b7834

  • SHA1

    09ede80fd6e9eb3c1d4bb8f02b9f099edb926128

  • SHA256

    9cbc043b211f653116dc64d489a79918a215577985d473c56ce9ca3e4b12c2da

  • SHA512

    5c912365f585b86860a548e9c56c514b997f3e5687fe8a15d7d63a4bbccaeb1e97cf60ed240b7162734cd9471fff613c54ae5ef017c0b56ea3dab12e16e2df31

  • SSDEEP

    24576:vVwRLePgybukh7gMo2ImPhPGjVufE6gaa1:vnAMPKYfNa

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

rc11

Decoy

makemoneywithkalyn.com

embanks.online

hustlewithheather.net

firmdev.net

tmjservices.online

5gpp4.xyz

youtubereelsdownload.com

qdhengwang.com

169318.com

alphastarweddingvideos.com

leyelizworld.com

brewedburn.com

tinkerchem.com

ndtkw.com

tronzadoragroup.com

formaciondocendo.net

nirwanaai.com

mbadevelopment.online

talkswdrick.com

frora-gift.com
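The hashes in the General section and the domain list under Malware Config are the indicators a responder actually reuses, so below is an added Python example (not part of the sandbox report) that checks a local file against all four digests and scans DNS log lines for lookups of the config domains, including subdomains of them. The SSDEEP value is left out because computing it needs the third-party ssdeep library rather than the standard library. The DNS log lines, host names and the key=value log format are constructed for the example. One caveat: a Formbook config lists its real C2 among decoy domains, and decoys are often legitimate or parked sites, so a DNS hit is a lead to correlate with the querying host's process tree, not proof of compromise on its own.

```python
"""Match the indicators from this report against a local file and DNS log lines."""
import hashlib
import re
from typing import Dict, Iterable, List, Optional, Tuple

# Indicators copied from the report above. Everything else here is added example code.
SAMPLE_HASHES: Dict[str, str] = {
    "md5": "ce83b3087374de33232e140f530b7834",
    "sha1": "09ede80fd6e9eb3c1d4bb8f02b9f099edb926128",
    "sha256": "9cbc043b211f653116dc64d489a79918a215577985d473c56ce9ca3e4b12c2da",
    "sha512": (
        "5c912365f585b86860a548e9c56c514b997f3e5687fe8a15d7d63a4bbccaeb1e"
        "97cf60ed240b7162734cd9471fff613c54ae5ef017c0b56ea3dab12e16e2df31"
    ),
}

# The "Decoy" list from the extracted config (real C2 mixed with decoys).
DECOY_DOMAINS: List[str] = [
    "makemoneywithkalyn.com", "embanks.online", "hustlewithheather.net",
    "firmdev.net", "tmjservices.online", "5gpp4.xyz", "youtubereelsdownload.com",
    "qdhengwang.com", "169318.com", "alphastarweddingvideos.com",
    "leyelizworld.com", "brewedburn.com", "tinkerchem.com", "ndtkw.com",
    "tronzadoragroup.com", "formaciondocendo.net", "nirwanaai.com",
    "mbadevelopment.online", "talkswdrick.com", "frora-gift.com",
]


def _digest_all(chunks: Iterable[bytes]) -> Dict[str, str]:
    """Feed every chunk through all four hash algorithms in a single pass."""
    digests = {name: hashlib.new(name) for name in SAMPLE_HASHES}
    for chunk in chunks:
        for h in digests.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in digests.items()}


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Digests of an in-memory blob (handy for a carved or extracted payload)."""
    return _digest_all([data])


def hash_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Digests of a file on disk, streamed so large samples are not loaded whole."""
    with open(path, "rb") as fh:
        return _digest_all(iter(lambda: fh.read(chunk_size), b""))


def is_reported_sample(digests: Dict[str, str]) -> bool:
    """True only if every digest agrees with the report.

    Requiring all four means a single-algorithm collision (or a typo in one
    copied hash) cannot produce a false positive."""
    return all(digests.get(name) == value for name, value in SAMPLE_HASHES.items())


def normalize_domain(name: str) -> str:
    """Lower-case and drop the trailing dot that DNS logs often keep on FQDNs."""
    return name.strip().rstrip(".").lower()


def matched_decoy(query: str) -> Optional[str]:
    """Return the config domain that `query` equals or is a subdomain of.

    The check is on label boundaries ("." + domain), so a lookalike such as
    notfrora-gift.com does not match frora-gift.com."""
    q = normalize_domain(query)
    for domain in DECOY_DOMAINS:
        if q == domain or q.endswith("." + domain):
            return domain
    return None


# Constructed sample DNS log lines (key=value style); hosts and times are made up.
SAMPLE_DNS_LOG = """\
2023-10-11T09:14:02Z host=WS-0412 query=www.hustlewithheather.net type=A
2023-10-11T09:14:05Z host=WS-0412 query=update.microsoft.com type=A
2023-10-11T09:14:09Z host=WS-0412 query=5gpp4.xyz. type=A
2023-10-11T09:15:41Z host=WS-0199 query=notfrora-gift.com type=A
"""

_QUERY_RE = re.compile(r"host=(?P<host>\S+)\s+query=(?P<query>\S+)")


def decoy_hits(log_lines: Iterable[str]) -> List[Tuple[str, str, str]]:
    """Return (host, queried name, matched config domain) for each decoy lookup."""
    hits: List[Tuple[str, str, str]] = []
    for line in log_lines:
        m = _QUERY_RE.search(line)
        if not m:
            continue
        domain = matched_decoy(m.group("query"))
        if domain:
            hits.append((m.group("host"), m.group("query"), domain))
    return hits


if __name__ == "__main__":
    for host, query, domain in decoy_hits(SAMPLE_DNS_LOG.splitlines()):
        print(f"{host} looked up {query} (config domain {domain})")
```

Run against the constructed log, only the lookups for www.hustlewithheather.net and 5gpp4.xyz are reported; the lookalike notfrora-gift.com is deliberately not matched. For a real file, call hash_file on the path and pass the result to is_reported_sample.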

Targets

    • Target

      Lhlqoeaowd.exe

    • Formbook

      Formbook is an information-stealing malware family: it grabs form data and saved credentials from browsers and mail clients, logs keystrokes and clipboard contents, and can fetch further payloads from its C2. Sandboxes identify it by decrypting its embedded configuration, which is where the campaign, version and decoy list above come from.

    • Formbook payload

      The decrypted Formbook payload was recovered from the sample, so the hashes above identify the loader, not the payload itself.

    • Deletes itself

      The sample removes its own executable after it runs, so the file may already be gone when a host is examined; rely on the hashes above and on process and DNS telemetry rather than on finding Lhlqoeaowd.exe on disk.

    • Suspicious use of SetThreadContext

      Calling SetThreadContext on a thread in another process is the step that redirects execution in process hollowing and similar injection. Formbook runs its code inside a legitimate process this way, so network activity to the config domains will appear to come from that host process rather than from Lhlqoeaowd.exe.

MITRE ATT&CK Matrix

Tasks