General

  • Target

    tmp

  • Size

    1.2MB

  • Sample

    231011-zs4paada5y

  • MD5

    ced4af5a976fb361bfded06260f5985f

  • SHA1

    a4d8b6552d82bf400bd2c5177263d37d044b079a

  • SHA256

    ca26fd8d4675cfec9eee79a402ce93024e4b817655df0307ba3d9dba93f918b2

  • SHA512

    c506f535ee9038d7eb990e524de1da60f880c3fd1491a2ad4229c6cea90d3f080f42deb6e30fcc9194b989821abf0f50681526debaf46d4f6ac09ea906a7efa7

  • SSDEEP

    24576:jQ3IGH0kofhzE+S/MG5woa+2LvDtn0fEcz2raO/bwntZKozPOPCnsoO+LY:jQ3I7JzE+I5pCDJ0++O/bw7K8uCnsaU

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    ro12

  • Decoy

    start399.com
    decyfincoin.com
    binguozhijiaok.com
    one45.vip
    55dy5s.top
    regmt.pro
    2ahxgaafifl.com
    xn--6rtp2flvfc2h.com
    justinmburns.com
    los3.online
    fleshaaikensdivinegiven7llc.com
    servicedelv.services
    apexcaryhomesforsale.com
    shuraop.xyz
    sagetotal.com
    gratitude-et-compagnie.com
    riderarea.com
    digitalserviceact.online
    contentbyc.com
    agenda-digital-planner.com

Targets

    • Target

      tmp

    • Size

      1.2MB

    • MD5

      ced4af5a976fb361bfded06260f5985f

    • SHA1

      a4d8b6552d82bf400bd2c5177263d37d044b079a

    • SHA256

      ca26fd8d4675cfec9eee79a402ce93024e4b817655df0307ba3d9dba93f918b2

    • SHA512

      c506f535ee9038d7eb990e524de1da60f880c3fd1491a2ad4229c6cea90d3f080f42deb6e30fcc9194b989821abf0f50681526debaf46d4f6ac09ea906a7efa7

    • SSDEEP

      24576:jQ3IGH0kofhzE+S/MG5woa+2LvDtn0fEcz2raO/bwntZKozPOPCnsoO+LY:jQ3I7JzE+I5pCDJ0++O/bw7K8uCnsaU

    • Formbook

      Formbook is a data-stealing malware family.

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Formbook payload

    • Deletes itself

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks