General

  • Target

    dca454cd2add0f19d32923c51ca108b128d7deeca254fa332b4263cf18a3b664

  • Size

    530KB

  • Sample

    231011-yv94eaac7y

  • MD5

    9170eed17d7bd274a1576c2bff354698

  • SHA1

    3c4380f881fb6948c1bc7a54c1b5ffc51353e484

  • SHA256

    dca454cd2add0f19d32923c51ca108b128d7deeca254fa332b4263cf18a3b664

  • SHA512

    566e8f2fa69b90718bbfc777f4a383dab88026405414eb8922f10218af9c4c84b83b8d727c7d2ebd140c38f308e887d4a71eb43738c5063179cfb96362bd724d

  • SSDEEP

    12288:GKR+Zm479AHXiL7MQrtziYURk4Nr94YR6FBOFfpX193C7A:B+EI6hQBG1RX94YR6QpvC7A

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    g11y

  • Decoy

    bayivip.top
    lunarrhythmsliving.com
    elizabethanbello.art
    plushkitchen.com
    timedb.net
    exploringaging.com
    dreamoney.online
    luvisusllc.com
    strikemedialabs.com
    belvederesportsclub.com
    turteen.com
    theofficialtrumpcards.com
    x-y-z.online
    otuvu.com
    outhandsbpm.com
    scabiosa.top
    99job.store
    afcxz80whz.com
    mysrz3l47.top
    sarekaonsaddle.com

Targets

    • Target

      შესყიდვის შეკვეთა xxzc3 pdf.exe

    • Size

      551KB

    • MD5

      12b652ec70aefcda478ba3db7dade2ac

    • SHA1

      bb76a7b8eca4575a6a5400c03a46abc3d6b3be2e

    • SHA256

      d791946e423b64c9ec976a5b9491b6ee9294e8dda0e5707ffbb4c96448b908e1

    • SHA512

      b3cd9fa953379825ec608c3c4e61659460f277c69f9d900935c62be60306822b00005a47c2037b818751f737edba259a359f27c0c0fb1a4490691547d7516adc

    • SSDEEP

      12288:9g725DuLH+qhoWaJByQZtPiY4RkONr/4GR66G0YvQFE5La:JQz+qh5QXaXR3/4GR66cvuE5+

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks