General

  • Target

    4c7f09cf39179eb2d451c68a9c3e2a338b3491421deb3d3e3cacc413ba946e83

  • Size

    623KB

  • Sample

    231011-ylrwgahg8v

  • MD5

    7f11344bf4a2b284bac5526d6a0571e4

  • SHA1

    c9085e44632b528f0c4f778979441a4441d2514d

  • SHA256

    4c7f09cf39179eb2d451c68a9c3e2a338b3491421deb3d3e3cacc413ba946e83

  • SHA512

    6e59304412bef07c7d192b90bf6183bd737077ccd2bf3095cb47772ab270b05b1d168d0cf6b74b090dc36e8f281ed1bbda6e787a86fa0d8c88c70f2d4568a1d4

  • SSDEEP

    12288:m65vVWgJxbt5N2dV6iuApx5IvESuWvsJB9OwouwXc6N1LLKGsJEqkKP:mUV1vbAv35x25bvTuwXcwTqkKP

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    mh21

  • Decoy

    qiandaye.top
    zltgw.com
    getxgp.link
    forest-create.site
    parsefilm.com
    foodstore.top
    reynoldsquality.com
    tripleshops.com
    altuwaijrifood.com
    seniorassistedlivinglocator.com
    essencedelanature.com
    hrwv098.xyz
    olkja.xyz
    10685johansen.com
    ajidenhp.com
    sensifiedregistration.com
    timetodatings.life
    bizbet-review-pt.com
    zhangming.asia
    xn--vhq074eeozsda.top

Targets

    • Target

      E-dekont,pdf.exe

    • Size

      934KB

    • MD5

      6b051202b3a9cdbebeb3eece7f7ab249

    • SHA1

      cc6a13af9f020b1ad54161909362d54e23465d44

    • SHA256

      df6bc903026ccbf8519688272555c01bff58f6e1572d9c468673b390c321e97e

    • SHA512

      fc74a6dd5ca27da2c42556d733fc2111628552a1fa36d2b1a47c2fa03917ff8bdf4b0c5f44b7104f348b2183b98e1eab851abba68b7cb8f9c50beacecd702c3c

    • SSDEEP

      12288:oOKp1c+S3NZxz+OzjJQpxHIvE8u6vsJB/OwmuwFc6D1L4Gonx9wz98:5oa3Nrz+OzNsxonpvjuwFclGox9y98

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook payload

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks