General

  • Target

    tmp

  • Size

    599KB

  • Sample

    231012-tsvtgsdc49

  • MD5

    be5084e351dfbf93ca2cc522907e4cc6

  • SHA1

    9f27fdba883f1e1b2b83b335e9d45ccf642778cc

  • SHA256

    cc06328c412ff41125dbceb0bc2838c1cbea24fa2909b7614e08b6546ad77891

  • SHA512

    038d261fc62c07c1658d260bc5251133ed0496b761d1bc261efebe3eb5cb73f4cca103450edb9ab4f226b145f0713e2a9863b88dd305a29a8bebd3eee5b86f87

  • SSDEEP

    12288:WdJQwYCvompQDjlazJ4ipgBNi6flZs1MQRb9d6AaJUHRvkffg3R:WdJQzCvohnl2aK36dZQ9l9d2JUHRvkAB

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    o6g2

  • Decoy


Targets

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook payload

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks