General

  • Target

    Longmark PO.exe

  • Size

    630KB

  • Sample

    231011-yz29csce59

  • MD5

    d4bf115aa1488313dff7d2b0af4d1854

  • SHA1

    0215dae293f61481fc511a4f7dc038b21302191f

  • SHA256

    f93c2d5447563c24b8a60a7404a32155093ecf40afeb7345490bc8ba2e87cd14

  • SHA512

    a569da6f252c474316c62f95649d38f1f4aa2149b948747b6f88c220d77d560f15331de51aeb841232532d9fc9fb7240772bd2bf18a95223a00b77ccc0118a0e

  • SSDEEP

    12288:QrD6nPCz35UKbhwTjSmbgbTyzEBWVcSqZCNptL8aPvaDCrj2qe+ip50KDO:iDD3RQjSm8bTyAUVcctb2Q0cKD

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    m0u5

  • Decoy

Targets

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook payload

    • Blocklisted process makes network request

    • Deletes itself

    • Suspicious use of SetThreadContext