General

  • Target

    doc_Quanon_62_10-6_pdf.exe

  • Size

    635KB

  • Sample

    231022-jbvgaaeb3v

  • MD5

    0d92c4776d31205c7b2275d1a78b4085

  • SHA1

    985fba4c665f1f1250df0a85c3169bc631d9e0a5

  • SHA256

    f98b2fefbfa54e17d684f60629172f5f160259a6041b671f423eefbf0e51f949

  • SHA512

    965c80653a4e4a0bfaacd60131248aaf15fca1487df8a72f2780c7fba63e6a09227252271cb1e5d8547a241ec644e16b924dd1cf683f39b08f3cbf08b8008e22

  • SSDEEP

    12288:Noj7s93wIxbzM1k19Rvt7l+SAd+GSJnhY5RgzTaz6uiczg:Oj7s93nfxfha7SJCuOz9k

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

eg02

Decoy


Targets

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks